pipe: Avoid calling selrecord() on a closing pipe

pipe_poll() may add the calling thread to the selinfo lists of both ends
of a pipe. It is ok to do this for the local end, since we know we hold
a reference on the file and so the local end is not closed. It is not
ok to do this for the remote end, which may already be closed and have
called seldrain(). In this scenario, when the polling thread wakes up,
it may end up referencing a freed selinfo.

Guard the selrecord() call appropriately.

Reviewed by: kib
Reported by: syzkaller+KASAN
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30016