Use direct map removed guest_memfd for backing "secret free" VMs

[roypat]

Changes

Add a secret_free parameter to the API, which indicates to Firecracker that non-swiotlb memory should be backed by guest_memfd, and that this guest_memfd should be initialized in a way such that its direct map entries are zapped.

Reason

...

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

• I have read and understand CONTRIBUTING.md.
• I have run tools/devtool checkstyle to verify that the PR passes the
  automated style checks.
• I have described what is done in these changes, why they are needed, and
  how they are solving the problem in a clear and encompassing way.
• I have updated any relevant documentation (both in code and in the docs)
  in the PR.
• I have mentioned all user-facing changes in CHANGELOG.md.
• If a specific issue led to this PR, this PR closes the issue.
• When making API changes, I have followed the
  Runbook for Firecracker API changes.
• I have tested all new and changed functionalities in unit tests and/or
  integration tests.
• I have linked an issue to every new TODO.

---

• This functionality cannot be added in rust-vmm.

[codecov]

Codecov Report

Attention: Patch coverage is 69.18429% with 102 lines in your changes missing coverage. Please review.

Project coverage is 82.73%. Comparing base (71e33a0) to head (df1780d).
Report is 13 commits behind head on feature/secret-hiding.

Files with missing lines	Patch %	Lines
src/vmm/src/vstate/vm.rs	54.76%	38 Missing ⚠️
src/vmm/src/resources.rs	58.62%	36 Missing ⚠️
src/vmm/src/builder.rs	54.34%	21 Missing ⚠️
src/vmm/src/vstate/memory.rs	91.46%	7 Missing ⚠️

Additional details and impacted files

@@                    Coverage Diff                    @@
##           feature/secret-hiding    #5131      +/-   ##
=========================================================
- Coverage                  82.86%   82.73%   -0.13%     
=========================================================
  Files                        251      251              
  Lines                      27291    27522     +231     
=========================================================
+ Hits                       22614    22771     +157     
- Misses                      4677     4751      +74     

Flag	Coverage Δ
5.10-c5n.metal	83.20% <66.05%> (-0.18%)	⬇️
5.10-m5n.metal	83.20% <66.05%> (-0.18%)	⬇️
5.10-m6a.metal	82.37% <66.05%> (-0.18%)	⬇️
5.10-m6g.metal	79.07% <65.84%> (-0.16%)	⬇️
5.10-m6i.metal	83.19% <66.05%> (-0.19%)	⬇️
5.10-m7a.metal-48xl	82.37% <66.05%> (-0.17%)	⬇️
5.10-m7g.metal	79.07% <65.84%> (-0.16%)	⬇️
6.1-c5n.metal	83.24% <66.05%> (-0.17%)	⬇️
6.1-m5n.metal	83.24% <66.05%> (-0.17%)	⬇️
6.1-m6a.metal	82.41% <66.05%> (-0.18%)	⬇️
6.1-m6g.metal	79.07% <65.84%> (-0.16%)	⬇️
6.1-m6i.metal	83.24% <66.05%> (-0.18%)	⬇️
6.1-m7a.metal-48xl	82.41% <66.05%> (-0.18%)	⬇️
6.1-m7g.metal	79.07% <65.84%> (-0.16%)	⬇️
6.14-c5n.metal	83.20% <63.60%> (-0.22%)	⬇️
6.14-m5n.metal	83.21% <63.60%> (-0.21%)	⬇️
6.14-m6a.metal	82.39% <63.60%> (-0.20%)	⬇️
6.14-m6g.metal	79.03% <63.38%> (-0.19%)	⬇️
6.14-m6i.metal	83.20% <63.60%> (-0.22%)	⬇️
6.14-m7a.metal-48xl	82.38% <63.60%> (-0.21%)	⬇️
6.14-m7g.metal	79.03% <63.38%> (-0.19%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.