Set CONFIG_BLK_DEV_WRITE_MOUNTED=n for all official kernels

A new kernel config option CONFIG_BLK_DEV_WRITE_MOUNTED has been introduced in kernel 6.8, which when set to n disables direct writes to the backing device of mounted file systems. This is extremely useful to prevent e.g. overwriting/currupting the current running system.

While it might cause fsck'ing a ro-mounted file system to stop working, realistically no one does that these days. The fsck is performed in the initramfs, before the root file system is mounted; plus modern file systems such as xfs and btrfs only support/use scrub rather than fsck when mounted.

The setting could be overridden through kernel cmdline option bdev_allow_write_mounted, if that's desirable for some users. But for the majority I think it brings much more benefit, and hence should become the new default for official kernels.