UserspaceEmulator: Catch use-after-frees by tracking malloc/free :^)

This patch introduces a "MallocTracer" to the UserspaceEmulator.
If this object is present on the Emulator, it can be notified whenever
the emulated program does a malloc() or free().

The notifications come in via a magic instruction sequence that we
embed in the LibC malloc() and free() functions. The sequence is:

    "salc x2, push reg32 x2, pop reg32 x3"

The data about the malloc/free operation is in the three pushes.
We make sure the sequence is harmless when running natively.

Memory accesses on MmapRegion are then audited to see if they fall
inside a known-to-be-freed malloc chunk. If so, we complain loud
and red in the debugger output. :^)

This is very, very cool! :^)

It's also a whole lot slower than before, since now we're auditing
memory accesses against a new set of metadata. This will need to be
optimized (and running in this mode should be opt-in, perhaps even
a separate program, etc.)

DevTools/UserspaceEmulator/Emulator.h

@@ -26,6 +26,7 @@
 
 #pragma once
 
+#include "MallocTracer.h"
 #include "SoftCPU.h"
 #include "SoftMMU.h"
 #include <AK/Types.h>
@@ -35,6 +36,8 @@
 
 namespace UserspaceEmulator {
 
+class MallocTracer;
+
 class Emulator {
 public:
     static Emulator& the();
@@ -49,12 +52,18 @@ public:
 
     SoftMMU& mmu() { return m_mmu; }
 
+    MallocTracer* malloc_tracer() { return m_malloc_tracer; }
+
+    bool is_in_malloc_or_free() const;
+
 private:
     NonnullRefPtr<ELF::Loader> m_elf;
 
     SoftMMU m_mmu;
     SoftCPU m_cpu;
 
+    OwnPtr<MallocTracer> m_malloc_tracer;
+
     void setup_stack(const Vector<String>& arguments);
 
     int virt$shbuf_create(int size, FlatPtr buffer);