Set close-on-exec file for file inputs
We don't want to leak descriptors to child PROCESSES (!= threads) such as the pseudo-CGI interface. The socket wrappers ahve already been doing that for a while. Unfortunately, there are still many "leaks", through underlying libraries, opendir(), fopen(), etc. And then, this is not thread-safe (we leak if another thread calls fork() between open() and fcntl()). This is a well-known limitation in POSIX anyway.