[$] Better CPU vulnerability mitigation configuration

Modern CPUs all have multiple hardware vulnerabilities that the kernel needs to mitigate;the 6.13 kernel has workarounds for 14 security-sensitive CPU bugs just on x86_64.Several of those have multiple variants,or multiple mitigations that apply on different microarchitectures. There aredifferent kernel command-line options for each of these mitigations, which leadsto a confusing situation for users trying to figure out how to configure theirsystems. David Kaplan recently posteda patch set that adds a single, unified command-line option for controllingmitigations andsimplifies the logic for detecting, configuring, andapplying them as well.If it is merged, the patch set couldmake it much easier for users to navigate the complicated web of CPUvulnerabilities and their mitigations.