ANDROID: pkvm: x86: Memory protection with legacy IOMMU in pass-through mode

Add initial support for secure VM memory protection from DMA in legacy IOMMU mode. For now protection is ensured only for cases when the host sets translation type CONTEXT_TT_PASS_THROUGH in vIOMMU context entry, i.e. when the host itself doesn't use any address translation for the given device. In this case, in the shadow context entry we change translation type to CONTEXT_TT_MULTI_LEVEL to enforce translation, and use the host EPT as the IOMMU page tables.

Also, like in scalable mode, ensure that device TLB is disabled: when the host sets translation type CONTEXT_TT_DEV_IOTLB, we change it to CONTEXT_TT_MULTI_LEVEL to forbid device TLB but still allow regular untranslated requests.

Bug: 395299836
Test: Boot, verify cpus are de-privileged and run a minimal protected vm.
Change-Id: Ib03b3b16bf7f87d475abd5fcaba71298fddafb7f
Signed-off-by: Dmytro Maluka <dmy@semihalf.com>
Signed-off-by: Vineeth Pillai <vineethrp@google.com>
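
The translation-type rewrite described in the commit message, sketched as an added example (not code from this commit or from pKVM). `struct ctx_entry`, `ctx_tt`, `shadow_ctx` and the `CTX_*` macros are hypothetical names; field positions follow the VT-d legacy context-entry layout, and the handling of the reserved translation type is an assumption.

```c
#include <stdint.h>
/* Legacy-mode VT-d context entry (128 bits), low and high quadwords. */
struct ctx_entry { uint64_t lo, hi; };
#define CTX_PRESENT             (1ULL << 0)
#define CTX_TT_SHIFT            2
#define CTX_TT_MASK             (3ULL << CTX_TT_SHIFT)
#define CTX_SLPTPTR_MASK        (~0xfffULL)   /* second-level table pointer */
#define CTX_AW_MASK             7ULL          /* address width, hi[2:0] */
#define CONTEXT_TT_MULTI_LEVEL  0ULL
#define CONTEXT_TT_DEV_IOTLB    1ULL
#define CONTEXT_TT_PASS_THROUGH 2ULL

static uint64_t ctx_tt(struct ctx_entry e)
{
	return (e.lo & CTX_TT_MASK) >> CTX_TT_SHIFT;
}

/* Hypothetical helper: derive the shadow entry from the host's entry.
 * ept_root_pa: physical address of the host EPT root (4 KiB aligned).
 * ept_aw: AW encoding matching the EPT depth (2 = 48-bit, 4-level). */
static struct ctx_entry shadow_ctx(struct ctx_entry host,
				   uint64_t ept_root_pa, uint64_t ept_aw)
{
	struct ctx_entry s = host;      /* keeps FPD, DID and other fields */
	if (!(host.lo & CTX_PRESENT))
		return s;               /* non-present stays non-present */
	switch (ctx_tt(host)) {
	case CONTEXT_TT_PASS_THROUGH:
		/* Enforce translation: TT becomes 0 and the walk uses the EPT. */
		s.lo = (host.lo & ~(CTX_TT_MASK | CTX_SLPTPTR_MASK))
		     | (ept_root_pa & CTX_SLPTPTR_MASK);
		s.hi = (host.hi & ~CTX_AW_MASK) | (ept_aw & CTX_AW_MASK);
		break;
	case CONTEXT_TT_DEV_IOTLB:
		/* Keep the host's tables; only the device TLB is forbidden. */
		s.lo = host.lo & ~CTX_TT_MASK;
		break;
	case CONTEXT_TT_MULTI_LEVEL:
		break;                  /* host translation, left unchanged */
	default:
		s.lo &= ~CTX_PRESENT;   /* reserved type: assumption, block DMA */
	}
	return s;
}

int main(void) {
	struct ctx_entry h = { CTX_PRESENT | (CONTEXT_TT_PASS_THROUGH << CTX_TT_SHIFT), 0 };
	return ctx_tt(shadow_ctx(h, 0x1000, 2)) != CONTEXT_TT_MULTI_LEVEL;
}
```

In the pass-through case the AW field has to be rewritten along with the pointer, because the host's value was chosen for an entry whose table pointer the hardware ignored.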