[CVE-2021-41073] Fix order of overwritten simple_xattr fields

The address of `modprobe_path` was written to `simple_xattr->prev` instead of `simple_xattr->next`
as stated in the exploit writeup.

Thus, the arbitrary write occurs in the second part of the unlinking, when `simple_xattr->next`
is written to `simple_xattr->prev->next`.

This actually slightly simplifies the exploit as `next` is the first field in `list_head`
so there is no need to deal with any offsets.

However, if the technique in the writeup is followed exactly, `modprobe_path` should be written
into `simple_xattr->next`, so that in the first part of unlinking, the value of `simple_xattr->prev`
is written to `simple_xattr->next->prev`, which is offset 8 bytes from `simple_xattr->next`.

This commit modifies the exploit to use the latter method, accounting for the 8 byte offset.
More comments are also added to better explain what is going on.

Ref: https://twitter.com/QiuhaoLi/status/1578362818369232897