vmm(4): add ipi for vmclear, unlock kernel

vmm(4): add ipi for vmclear, unlock kernel

On Intel VMX hosts, when a guest migrates cpus, VMCS state needs
to be flushed to physical memory before being reloaded on the new
cpu. This diff adds a new ipi to allow a guest resuming on a new
cpu to signal to the old that it needs to vmclear.

To better surface the potential race conditions, unlock the kernel
after handling the ioctl to vmm and simplify the run loops for both
vmx and svm. This requires a new vcpu lock.

Tested by some on tech@. "go for it" @mlarkin