[$] Guest-first memory for KVM
One of the core objectives of any confidential-computing implementation is to protect a guest system's memory from access by actors outside of the guest itself. The host computer and hypervisor are part of the group that is to be excluded from such access; indeed, they are often seen as a threat in their own right. Hardware vendors have added features like memory encryption to make memory inaccessible to the host, but such features can be difficult to use and are not available on all CPUs, so there is ongoing interest in software-only solutions that can improve confidentiality. The guest-first memory patch set, posted by Sean Christopherson and containing work by several developers, looks poised to bring some software-based protection to an upcoming kernel release.