Convert license tags to SPDX identifiers

This commit also converts our own copyright headers to directly use
SPDX, but leaves all other copyright header intact, only adding the
SPDX ident. As far as possible this commit also merges multiple
Data61 copyright statements/headers into one for consistency.

kernel: set maximum user paddr in build system

expose the maximum physical address that can be given to userspace
for use in hardware_gen.py

pc99,CMake: Move configs to x86 dir

These configs are also used by x86 files and this fixes an configuration
race condition where projects try set KernelIOMMU after platform
settings are configured and so KernelIOMMU doesn't result in a correct
value.

cmake: Only include cmake files for selected arch

This prevents accidental declaration of properties or configurations
that are for the incorrect architecture selected. This was previously
required as the variables KernelWordSize and KernelArch were defined in
each arch specific cmake.config file. Now that they are defined in
advance it is possible to exclude the other imports.

Add syscall for setting the current TLS register.

Some platforms and configurations do not allow user code to change the
value of the register used for TLS. On these architectures a syscall can
be used to allow the kernel to update the register on their behalf.

This does not immediately update the value in the user context on many
configurations as the values are only stored in the user context on a
context switch.

RFC-3: Update context for x86 to use FS and GS.

TLS_BASE virtual register is replaced with FS_BASE and GS_BASE virtual
registers.

The FS_BASE and GS_BASE virtual registers are moved to the end of the
context so they need not be considered in the kernel exit and entry
implementation.

Removed tracking of ES, DS, FS, and GS segment selectors on kernel entry
and exit.

ES and DS are clobbered on kernel entry with the RPL 3 selector for a
DPL 3 linear data segment.

FS is clobbered on exit with the RPL 3 selector for the DPL 3 segment
with FS_BASE as the base. This is done on exit to reload the value from
the GDT.

GS is clobbered on exit with the RPL 3 selector for the DPL 3 segment
with GS_BASE as the base. This is done on exit to reload the value from
the GDT.

Kernel entry and exit code is refactored, simplified, and improved in
light of the above changes.

x64: update verified config to use fsgsbase instr

The verification platform for x64 relies on the fsgsbase instruction.

CMake: Invert plat config.cmake processing order

Instead of processing each platform CMake file during the arch's
config.cmake file, we process all of the platform CMake files first.
This is primarily motivated by wanting to move platform configuration
into a config file that is processed via a -C argument to the initial
build initialisation command.

Now a platform config is responsible for setting the kernel architecture
and it's own platform/arch specific config settings. Where previously a
platform was chosen in an arch specific way via either setting
KernelARMPlatform or KernelX86Sel4Arch or KernelRiscVPlatform, a
platform can now be set by KernelPlatform. In cases where a platform may
further parameterise its configuration it is free to choose its own
config options to query. Platforms that support multiple seL4
architectures should use KernelSel4Arch to query this. Platforms that
provide sub platforms such as exynos5 and subplatforms exynos5250,
exynos5410 and exynos5422 can be selected by specifying
KernelPlatform=exynos5, KernelARMPlatform=exynos5410 for example.

style: use consistent styling for all cmake files

Add .cmake-format.yaml which defines custom functions with kwargs to
style nicely

cmake: make pde_C an optional top-level type.

RISCV has its own model of page tables that doesn't have a distinguished
'directory' level.

Fix typo 'vulernable' in 2 files

x64: fix typo in CMake config

x86: Config option for RSB flush on context switch

This option can be enabled to prevent a user from performing a Spectre like attack on
another user through polluting the RSB.

x86: Config option for branch prediction barrier on context switch

This option can be enabled to prevent a user from performing a Spectre like attack on
another user through polluting the indirect branch predictor.

x86: Implement IBRS based Spectre mitigations

Provides the ability to enable the IBRS hardware Spectre mitigation strategies, as well
as completes the software mitigation by disabling jump tables in compilation. The
hardware mitigations are largely provided "for completeness" in the hopes that they
eventually become less expensive. For the moment there is no reason to turn on any
beyond STIBP if running in multicore

x64: SKIM window to mitigate Meltdown (CVE-2017-5754) on x86-64

Introduces a kernel option that, when enabled, reduces the kernel window in a user address
space to just be Static Kernel Image and Microstate (SKIM), instead of the full kernel
address space. This isolates the important kernel data from the user preventing a
Meltdown style attack being able to violate secrecy. The kernel text and read only data,
i.e. anything that is static from boot, is not secret and can be allowed in the SKIM window
and potentially read by the user. Additionally to switch to and from the actual kernel
address space a small amount of state needs to also be in the SKIM window.

This is only an implementation for x86-64, although the same design is applicable to ia32

x86: Dangerous read/write MSR interface

Provides a syscall interface for reading and writing arbitrary MSR values. This is
being introduced as an alternative to the DebugRun, as the main purpose of debug run
is for modifying the performance monitoring events via read/write MSR.

x86: Export PMC to user

Provides an option that, on kernel init, enables user reading of the performance
monitoring counters. This is a step towards removing the dependence on
seL4_DebugRun for user level benchmarking/profiling

Abstractly declare a threads registers have changed

This removes an #ifdef for x86-64 that was in generic code by declaring the generic
mechanism that is being used as an Arch_ function

cmake: Additional TOPLEVELTYPES for x86-64

x86: Configuration options for different multiboot headers

This allows for disabling a particular multiboot version if there are problems
using it with a particular loader.

Consistent capitalisation of XSave

Add a CMake based build system

This commit adds an alternate build system using CMake that operates indepenently of
the existing Kconfig+Kbuild+make based build system