globally use session-qualified imports; add Lib session

Session-qualified imports will be required for Isabelle2018 and help clarify
the structure of sessions in the build tree.

This commit mainly adds a new set of sessions for lib/, including a Lib
session that includes most theories in lib/ and a few separate sessions for
parts that have dependencies beyond CParser or are separate AFP sessions.
The group "lib" collects all lib/ sessions.

As a consequence, other theories should use lib/ theories by session name,
not by path, which in turns means spec and proof sessions should also refer
to each other by session name, not path, to avoid duplicate theory errors in
theory merges later.

SELFOUR-1016: fix confused deputy problem when setting priorities

Isabelle2016-1: rename free variables to avoid capture

SELFOUR-444: fix DSpecProofs and SysInit

SELFOUR-276: Finish proofs for maximum controlled priority (MCP)

To finish the proof of refinement to C, the specification for checkPrio
needed strengthening: the checkPrio spec now takes a machine word
argument. In the spec, priorities are still stored as 8-bit quantities,
however. Once the spec was strenthened, it was possible to remove some
redundant checks and mask operations from the C code.

A thread's maximum controlled priority (MCP) determines the maximum
thread priority or MCP it can assign to another thread (or itself).

l4v-sabre: proof fix upto InfoFlowC

Fix seL4_TCB_Resume

fix seL4_TCB_WriteRegisters

Import release snapshot.