buf_read_ahead_linear dereferences buffer page pointer without protection

Bug #1417953 reported by Laurynas Biveinis
Affects | Status | Importance | Assigned to | Milestone
Percona Server moved to https://jira.percona.com/projects/PS | Fix Released | High | Laurynas Biveinis |
5.1 | Won't Fix | Undecided | Unassigned |
5.5 | Won't Fix | Undecided | Unassigned |
5.6 | Fix Released | High | Laurynas Biveinis |

Bug Description

buf_read_ahead_linear contains the following:

 bpage = buf_page_hash_get(buf_pool, space, offset);

...

 switch (buf_page_get_state(bpage)) {
  frame = bpage->frame or zip.data;
 }

 /* Read the natural predecessor and successor page addresses from
 the page; NOTE that because the calling thread may have an x-latch
 on the page, we do not acquire an s-latch on the page, this is to
 prevent deadlocks. Even if we read values which are nonsense, the
 algorithm will work. */

 pred_offset = fil_page_get_prev(frame);
 succ_offset = fil_page_get_next(frame);

After the buffer pool mutex split, the page returned by buf_page_hash_get is dereferenced without any protection.

At the same time, some other lesser issues were noticed in the 5.7 port of the buffer pool mutex split:
- buf_pool_watch_set and buf_pool_watch_remove need not lock the zip mutex. Page hash X latch is enough protection already;
- buf_pool_mutex_key for PFS is now unused;
- some bool variables (have_lru_mutex in buf_page_io_complete and must_restart in buf_flush_or_remove_page) are set to ibool TRUE and FALSE constants;
- buf_flush_page_try and i_s_innodb_fill_buffer_pool have misleading comments.
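
Added example, not part of the original report and not Percona's fix: a single-threaded C model of the window described above, where the pointer returned by the hash lookup is used after the lookup's protection is gone. All names are hypothetical; a reader count stands in for the page hash latch and evict() stands in for a concurrent thread reusing the descriptor.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified model: one hash cell guarded by a reader count. */
typedef struct { uint32_t prev, next; } frame_t;
typedef struct { frame_t *frame; } page_t;
typedef struct { page_t *slot; int readers; } page_hash_t;

static frame_t reused = { 0xDEAD, 0xBEEF };  /* constructed: frame of another page */

/* Stand-in for a concurrent evictor, which needs the hash latch exclusively. */
static bool evict(page_hash_t *h) {
    if (h->readers > 0) return false;        /* X latch unavailable, page stays */
    if (h->slot) h->slot->frame = &reused;   /* descriptor now backs another page */
    h->slot = NULL;
    return true;
}

/* Pattern from the report: the pointer outlives the lookup's protection. */
static bool read_links_unprotected(page_hash_t *h, uint32_t *pred, uint32_t *succ) {
    h->readers++;                            /* S latch held for the lookup only */
    page_t *bpage = h->slot;
    h->readers--;
    evict(h);                                /* the race window, forced open */
    if (!bpage) return false;
    *pred = bpage->frame->prev;              /* reads whatever the descriptor */
    *succ = bpage->frame->next;              /* points at by now */
    return true;
}

/* Hardened: copy the fields out while the latch still pins the descriptor. */
static bool read_links_latched(page_hash_t *h, uint32_t *pred, uint32_t *succ) {
    bool ok = false;
    h->readers++;
    page_t *bpage = h->slot;
    evict(h);                                /* same interleaving, now refused */
    if (bpage) { *pred = bpage->frame->prev; *succ = bpage->frame->next; ok = true; }
    h->readers--;
    return ok;
}

int main(void) {
    frame_t f = { 10, 12 }; page_t p = { &f }; page_hash_t h = { &p, 0 };
    uint32_t pred = 0, succ = 0;
    read_links_latched(&h, &pred, &succ);
    printf("latched: pred=%u succ=%u\n", (unsigned)pred, (unsigned)succ);
    read_links_unprotected(&h, &pred, &succ);
    printf("unprotected: pred=%#x succ=%#x\n", (unsigned)pred, (unsigned)succ);
    return 0;
}
```

The model swaps the frame instead of freeing it so the unprotected read stays defined; in a real buffer pool the descriptor itself may be freed or relocated in that window.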

summary: - buf_read_ahead dereferences buffer page pointer without protection
+ buf_read_ahead_linear dereferences buffer page pointer without
+ protection
tags: added: bp-split xtradb
Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-868
