ANDROID: pkvm: vmx: Hide l1d contents of the pVM from the host

Add the l1d flushing support before entering the host VM. The l1d can
hold the contents of a pVM if its vcpu has run. The l1d contents should
be flushed before switching to the host VM to mitigate the l1tf attack.
Set the l1tf_flush_l1d flag for the host vcpu when a pVM is going to run
via the __pkvm__vcpu_run PV interface, so that the l1d can be flushed
before returning back to the host VM.

Bug: 420681877
Upstream-Task: 402758258

Change-Id: I1535597b0ced0e6cc2b78e8a85affa3cb23456b3
Signed-off-by: Chuanxiao Dong <chuanxiao.dong@intel.com>