Move closefrom() to before first malloc.

When built against tcmalloc, tcmalloc allocates a descriptor for its
internal use, so calling closefrom() afterward causes the descriptor
number to be reused resulting in a corrupted connection.  Moving the
closefrom a little earlier should resolve this.  From kircherlike at
outlook.com via bz#3321, ok djm@

ssh.c

@@ -653,6 +653,12 @@ main(int ac, char **av)
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
+	/*
+	 * Discard other fds that are hanging around. These can cause problem
+	 * with backgrounded ssh processes started by ControlPersist.
+	 */
+	closefrom(STDERR_FILENO + 1);
+
 	__progname = ssh_get_progname(av[0]);
 
 #ifndef HAVE_SETPROCTITLE
@@ -668,12 +674,6 @@ main(int ac, char **av)
 
 	seed_rng();
 
-	/*
-	 * Discard other fds that are hanging around. These can cause problem
-	 * with backgrounded ssh processes started by ControlPersist.
-	 */
-	closefrom(STDERR_FILENO + 1);
-
 	/* Get user data. */
 	pw = getpwuid(getuid());
 	if (!pw) {