Optimize mount access control primitives

[Danny-Wei]

Problem

Attackers may call mount() with a fake fstype to bypass checks for bind mount, remount, and move mount.

Related issues: MountRule fstype misconfiguration #12

Solution

Adjust the logic of mount access control, checking fstype only when mounting new devices or forcing the fstype to 'none' for remount, bind, move etc.