APP CRASH signal arriving during dr_app_setup races with handler removal

Today DR installs its signal handlers during dr_app_setup(), but then we remove them at the end of setup due to the split setup-vs-start design (which like the stop-vs-detach design is inherently problematic...). We re-instate them during dr_app_start(). We thus have a race where a signal such as SIGPROF can arrive while our handler is in place during setup, be delivered to a native thread who has no TLS, and before the SIGSEGV from the TLS safe read is raised, setup finishes and os_process_not_under_dynamorio() reinstates the app handler. We end up with an app crash.

To solve: for dr_app_setup(), do not put our handlers in place, right? signal_reinstate_handlers() will re-acquire the app handlers. Can we also remove the not_under call at the end of setup? Right now we have init doing "under", end of init doing "not under", and start doing "under". Maybe we can remove the first two.

Should we only support dr_app_setup_and_start() instead of the split?