Don't clobber an open user.dat file descriptor in js_CreateUserObject()
Likely fix for the user.dat open file descriptor leak: If js_CreateUserObject(cx,parent,cfg,"name",...) is called multiple times (e.g. before login and after login), the successive calls will reuse the previously allocated JS object and allocated private data memory. However, the private data memory (which includes the descriptor of an open user.dat file, if it has been opened), was always zeroed, even if it was being reused. This would leak open file descriptor. So any (pre)login scripts or web scripts that use the "user" object (which is all zeroed-out before login) and then allows a user to subsequently login, would leak a file descriptor.