Usercopy migration

Big MR: replaces the use of validate_* functions, and the use of Rust refs/slices pointing to user memory, with UserSlice. Hence, EFAULT is handled lazily if the kernel page faults inside the inner usercopy function.

It also makes UserScheme use the syscall_head/syscall_tail buffers, and allows identical contiguous grants to be merged (thus forcing physunmap to be removed) not yet.

Last but not least, it enables UMIP+SMEP+SMAP if supported by the CPU. SMAP can be disabled in Cargo.toml.

Requires syscall!74 (merged) and drivers!93 (merged).

Also fixes error-code page fault handlers on x86_32. All three supported platforms are also supported in this MR, although I'm unsure if the aarch64 code is formally correct.

Fixes #82 (closed) and #115 (closed).