Always create sub-blobs in MEMORY_MODE_READONLY

Always create sub-blobs in MEMORY_MODE_READONLY

This fixes a design bug with sanitize and sub-blobs that can
cause crashes.  Jonathan and I found and debugged this issue
when we tested a corrupt font with the md5sum / filename:
ea395483d37af0cb933f40689ff7b60a.  Two hours of intense
debugging we found out that the font has overlapping GSUB/GPOS
tables, and as such, sanitizing the second table can modify
the first one, which can cause all kinds of undefined behavior.

The correct way to fix this is to make sure sub-blobs are
always created readonly, since we consider the parent blob
to be a shared resource and can't modify it, even if it *is*
writable.

This essentially makes the READONLY_MAY_MAKE_WRITABLE mode
unused...  Maybe we should simply remove / deprecate it.