x86/bugs: Clean up SRSO microcode handling

SRSO microcode only exists for Zen3/Zen4 CPUs.  For those CPUs, the microcode
is required for any mitigation other than Safe-RET to be effective.  Safe-RET
can still protect user->kernel and guest->host attacks without microcode.

Clarify this in the code and ensure that SRSO_MITIGATION_UCODE_NEEDED is
selected for any mitigation besides Safe-RET if the required microcode isn't
present.

Signed-off-by: David Kaplan <david.kaplan@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20250625155805.600376-4-david.kaplan@amd.com