[$] Per-system-call kernel-stack offset randomization

In recent years, the kernel has (finally) upped its game when it comes tohardening. It is rather harder to compromise a running kernel than it usedto be. But "rather harder" is relative: attackers still manage to findways to exploit kernel bugs. One piece of information that can be helpfulto attackers is the location of the kernel stack; thispatch set from Kees Cook and Elena Reshetova may soon make thatinformation harder to come by and nearly useless in any case.