security/Kconfig: further restrict HARDENED_USERCOPY

It doesn't make sense to have HARDENED_USERCOPY for root users when either
/dev/kmem is enabled or /dev/mem can be used to read kernel memory (i.e.
!STRICT_DEVMEM).

Signed-off-by: Tycho Andersen <tycho@docker.com>
CC: Kees Cook <keescook@chromium.org>
CC: "Serge E. Hallyn" <serge@hallyn.com>
CC: James Morris <james.l.morris@oracle.com>
[kees: adjust commit log slightly]
Signed-off-by: Kees Cook <keescook@chromium.org>