One might think of this as follow-on to XSA-451, but that's not quite
the right order of events.

There are a few open aspects; see individual patches.

v2, besides addressing small issues, is mainly a re-base over FRED
work finally having gone in.

1: record SSP at non-guest entry points
2: traps: use entry_ssp in fixup_exception_return()
3: prefer shadow stack for producing call traces

Jan