ANDROID: x86_64: [TEMP] Enable INTEL_IOMMU

pKVM-IA requires Intel IOMMU support for enforcing DMA isolation of
protected VMs memory. Also regardless of pKVM, we want to enable IOMMU
on chromebooks to enforce DMA isolation of untrusted devices (e.g. WiFi,
external Thunderbolt devices) within the host.

By default enable IOMMU in PASSTHROUGH mode, i.e. with identity mapping
(i.e. no DMA isolation within the host), to avoid pKVM's IOMMU
virtualization overhead for most devices (except untrusted devices, for
which kernel will enforce STRICT mode instead of PASSTHROUGH anyway).

Signed-off-by: Dmytro Maluka <dmaluka@google.com>

Bug: 349990461
Test: "grep . /sys/bus/pci/devices/*/iommu_group/type" shows IOMMU
domains of PCI devices.

Change-Id: I2b0a79111ca8de02063ecd5e9f5a8032720804d6
Signed-off-by: Dmytro Maluka <dmaluka@google.com>