fs-util: always call label post ops in xopenat_full(), in both success and error...

fs-util: always call label post ops in xopenat_full(), in both success and error path

For SELinux it is essential that we reset the file creation label both
in the success and in the error path, hence do so.

Moreover, when calling the label post ops do it if possible with the
opened fd of the inode itself, rather than always going via its path,
simply to reduce the attack surface.