Kernel: Add a way to specify which memory regions can make syscalls

This patch adds sys$msyscall() which is loosely based on an OpenBSD
mechanism for preventing syscalls from non-blessed memory regions.

It works similarly to pledge and unveil, you can call it as many
times as you like, and when you're finished, you call it with a null
pointer and it will stop accepting new regions from then on.

If a syscall later happens and doesn't originate from one of the
previously blessed regions, the kernel will simply crash the process.

Kernel/Process.h

@@ -266,6 +266,7 @@ public:
     int sys$set_mmap_name(Userspace<const Syscall::SC_set_mmap_name_params*>);
     int sys$mprotect(void*, size_t, int prot);
     int sys$madvise(void*, size_t, int advice);
+    int sys$msyscall(void*);
     int sys$purge(int mode);
     int sys$select(const Syscall::SC_select_params*);
     int sys$poll(Userspace<const Syscall::SC_poll_params*>);
@@ -510,6 +511,8 @@ public:
 
     PerformanceEventBuffer* perf_events() { return m_perf_event_buffer; }
 
+    bool enforces_syscall_regions() const { return m_enforces_syscall_regions; }
+
 private:
     friend class MemoryManager;
     friend class Scheduler;
@@ -648,6 +651,8 @@ private:
 
     RefPtr<Timer> m_alarm_timer;
 
+    bool m_enforces_syscall_regions { false };
+
     bool m_has_promises { false };
     u32 m_promises { 0 };
     bool m_has_execpromises { false };