FIX: Forbid lower-half noncanonical addresses too.
Apparently I forgot that lower-half addresses can be non-canonical too (e.g. 0x1337_0000_0000_0000), if bit 47 is clear, but the upper bits are set. The solution is to replace the BT instruction, with a TEST instruction, so that it fails if any of bits 63:47 are set. This is the intended behavior, to check that it is both canonical, and lower-half.