Linux: Fix #81 URB double free race condition on device disconnect

Linux: Fix #81 URB double free race condition on device disconnect

A submitted transfer that has just been failed by the kernel could be
picked up by an event handler to be cleaned up, where freeing of URB
memory would race with the submit function doing it's own cleanup and
freeing as a result of the submit failing.

libusb_submit_transfer() always holds itransfer->lock, so the race can
be avoided by taking that lock also in the cleanup path and checking
that the URB memory has not already been freed before freeing it there.

As http://libusb.org/ticket/81#comment:14 notes there is still another
possible, but unlikely, race condition between libusb_submit_transfer()
and an event handling thread. That will require more work to solve.

[stuge: Add check in cleanup path that URBs have not already been freed]