Kernel: Add a way to specify which memory regions can make syscalls

This patch adds sys$msyscall() which is loosely based on an OpenBSD
mechanism for preventing syscalls from non-blessed memory regions.

It works similarly to pledge and unveil, you can call it as many
times as you like, and when you're finished, you call it with a null
pointer and it will stop accepting new regions from then on.

If a syscall later happens and doesn't originate from one of the
previously blessed regions, the kernel will simply crash the process.

Kernel/VM/Region.cpp

@@ -105,6 +105,7 @@ OwnPtr<Region> Region::clone(Process& new_owner)
             region->copy_purgeable_page_ranges(*this);
         region->set_mmap(m_mmap);
         region->set_shared(m_shared);
+        region->set_syscall_region(is_syscall_region());
         return region;
     }
 
@@ -127,6 +128,7 @@ OwnPtr<Region> Region::clone(Process& new_owner)
         ASSERT(vmobject().is_anonymous());
         clone_region->set_stack(true);
     }
+    clone_region->set_syscall_region(is_syscall_region());
     clone_region->set_mmap(m_mmap);
     return clone_region;
 }

Kernel/VM/Region.h

@@ -247,6 +247,9 @@ public:
 
     RefPtr<Process> get_owner();
 
+    bool is_syscall_region() const { return m_syscall_region; }
+    void set_syscall_region(bool b) { m_syscall_region = b; }
+
 private:
     bool do_remap_vmobject_page_range(size_t page_index, size_t page_count);
 
@@ -282,6 +285,7 @@ private:
     bool m_stack : 1 { false };
     bool m_mmap : 1 { false };
     bool m_kernel : 1 { false };
+    bool m_syscall_region : 1 { false };
     WeakPtr<Process> m_owner;
 };