io_uring: don't touch ctx in setup after ring fd install

syzkaller reported an issue where it looks like a malicious app can
trigger a use-after-free of reading the ctx ->sq_array and ->rings
value right after having installed the ring fd in the process file
table.

Defer ring fd installation until after we're done reading those
values.

Fixes: 75b28aff ("io_uring: allocate the two rings together")
Reported-by:  <syzbot+6f03d895a6cd0d06187f@syzkaller.appspotmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>