Remove `exit` callgate and rework `__wrap_main` to end in ld.so compartment

[ayrtonm]

DSOs may implicitly define global destructors which run after main. We ensure these run in the given DSO's compartment with ia2_compartment_destructor_N in runtime/libia2/include/ia2_compartment_init.inc, but this assumes that we switch back to the untrusted compartment after main/in exit. To avoid needing callgates for all the ld.so functions that run after main we should remain in ld.so's compartment instead. To do this we'll need to

• remove the callgate for exit (possibly under some build flag)
• rework main to return to ld.so's compartment (could use 1 for simplicity/until runtime/libia2: Set initial compartment from ia2_start #589 lands)
• tweak the ia2_compartment_destructor_N callgates to assume the caller is in that same compartment.

[ayrtonm]

Might be worthwhile to gate this change under some preprocessor/cmake flag.