replacing all ifndef with pargma once

All the kernel header files now use pargma once rather than the ifndef,
as the pre-processed C files do not change while header files
are protected with pargma once. This will also solve any naming issues
caused by ifndef.

Convert license tags to SPDX identifiers

This commit also converts our own copyright headers to directly use
SPDX, but leaves all other copyright header intact, only adding the
SPDX ident. As far as possible this commit also merges multiple
Data61 copyright statements/headers into one for consistency.

style: consistently attach return type

Add attach-return-type to astyle

style: consistently align pointer with name

Run astyle with align-pointer=name

style: correct parenthesis padding

Use astyle's unpad-paren to unpad all parentheses that are not included
by pad-header, pad-oper, and pad-comma.

x64: SKIM window to mitigate Meltdown (CVE-2017-5754) on x86-64

Introduces a kernel option that, when enabled, reduces the kernel window in a user address
space to just be Static Kernel Image and Microstate (SKIM), instead of the full kernel
address space. This isolates the important kernel data from the user preventing a
Meltdown style attack being able to violate secrecy. The kernel text and read only data,
i.e. anything that is static from boot, is not secret and can be allowed in the SKIM window
and potentially read by the user. Additionally to switch to and from the actual kernel
address space a small amount of state needs to also be in the SKIM window.

This is only an implementation for x86-64, although the same design is applicable to ia32

SMP: Introduce ENABLE_SMP_SUPPORT

- Make it more readable and less confusing compared to the 'CONFIG_MAX_NUM_NODES > 1' check

[STYLE_FIX]

Use unverified_compile_assert in cases where OFFSETOF is used

OFFSETOF is not supported by the C parser, and so regular compile_assert may not be used

rename arch_tcb.vcpu -> arch_tcb.tcbVCPU, vcpu.tcb -> vcpu.vcpuTCB

struct vcpu { struct tcb* tcb; ...
struct arch_tcb { struct vcpu* vcpu; ...
and
struct tcb { struct arch_tcb tcbArch; ...

These conspire to generate a type error on verification side due to
assumptions about non-colliding names.

s/D61/DATA61/ in license headers for consistency

x86: Send explicit TCB when handling remote VMs withs pending notifications

Previously if the `ksCurThread` of the destination core is not the thread that is
receiving the notification in `sendSignal` then the notification would be delayed
until the VMM for that VM next did a `seL4_VMEnter`. This adds a `tcb_t*` parameter
to `VMCheckBoundNotification` instead of having it implicitly talk about `ksCurThread`.
A TCB parameter is safe to send here as the `doRemoteVMCheckBoundNotification`
happens synchronously and so the TCB is guaranteed to still exist.

x64: VT-x related cap and object definitions

* Adds object and cap definitions for VT-x structures (VCPU and EPT).
* Extends the asid_map implementation to support ASIDs in the EPT
* Adds size definitions for VCPU and EPT objects

x86: Make `vmread`/`vmwrite` functions public

It is useful (largely for debugging/logging code) to be able to access
these functions outside of the internal VCPU implementation

ia32: VCPU only needs kernelSP on ia32

x86-64 has better ways (`swapgs`) of managing per core kernel stacks.
This commit hides the `kernelSP` member of a `vcpu_t` under x86-64
so as not to cause confusion and accidental attempted usage

x86: Explicitly define VCPU general purpose registers

Previously the GP registers for a VCPU were defined in the 32-bit
arch registerset. This does not actually make sense as the mode
for the VCPU should be decoupled (and well defined) regardless of
the execution mode of the kernel. This commit provides an explicit
definition and register order for VCPU GP registers.

x86: Avoid modifying thread running on different core in sendSignal

When sending a signal to a notification object that has a bound thread that is
in the 'runningVM' start we, ordinarily, want to deliver it by switching back
to the native execution of that thread and delivering the message. If the thread
is in the 'runningVM' state on a different core, then we must not modify its
thread state. Previously we would modify the thread state (changing it to
Running) and then attemptSwitchTo. Switching would fail, as its affinity would
be for a different core, resulting in us enqueing the thread into the
scheduling queue, despite the thread also presently running.

This commit both adds a check to prevent us manipulating a thread that
is actively running on a different core, as well as a remote operation
to tell that core that if it is running a VM it should recheck its
endpoint for a message.

x86: Initial support for SMP vt-x

Enables vt-x code to compile when CONFIG_MAX_NUM_NODES is set to
greater than 1 and adds code to manage VMCS state on different cores

x64: Guard vt-x that is not yet implemented

These guards are needed because vt-x is not yet properly supported
in x86-64 builds. Once it is these guards can be removed again

SELFOUR-287: 32-bit vt-x implementation

This is an implementation of vt-x for x86 kernels running in
ia32 mode.