ANDROID: KVM: arm64: Handle permission faults for non-protected guests

When pKVM is enabled, all guest stage-2 page-table mappings have a
hardcoded RWX permission for simplicity. However, it is desirable for
performance reasons to make those mappings executable in a lazy fashion,
and RO memslots and dirty logging require non-writable mappings.

As such, let's change the default permission for non-protected guests to
be RO, and handle exec and write faults from the user_mem_abort() path
using the recently introduced __pkvm_host_relax_guest_perms() hypercall.

As a nice side effect, handling write faults lazily allows us to defer
marking pages dirty in the host until they have indeed been dirtied by
the guest. This gives the opportunity to map page-cache pages into
non-protected guests as long as they remain clean (see comment in
pkvm_mem_abort() about page-cache pages). Allowing this sort of pattern
is notably required when using Qemu as a VMM.

Bug: 357781595
Change-Id: Ia5ce51cd62af4502338689cf4e3121dedcd7af0d
Signed-off-by: Quentin Perret <qperret@google.com>