Use memfd_create when available.

It is cleaner way to get anonymous file descriptor. Prevents issue if there is no writeable home/tmp directory and does not appear in output of tools that report deleted files in use.

Alternatively it could use glibc's wrapper for memfd_create, but that is available only since version 2.27.