aarch64: Introduce SLS mitigation for RET and BR instructions

aarch64: Introduce SLS mitigation for RET and BR instructions

Instructions following RET or BR are not necessarily executed.  In order
to avoid speculation past RET and BR we can simply append a speculation
barrier.

Since these speculation barriers will not be architecturally executed,
they are not expected to add a high performance penalty.

The speculation barrier is to be SB when targeting architectures which
have this enabled, and DSB SY + ISB otherwise.

We add tests for each of the cases where such an instruction was seen.

This is implemented by modifying each machine description pattern that
emits either a RET or a BR instruction.  We choose not to use something
like `TARGET_ASM_FUNCTION_EPILOGUE` since it does not affect the
`indirect_jump`, `jump`, `sibcall_insn` and `sibcall_value_insn`
patterns and we find it preferable to implement the functionality in the
same way for every pattern.

There is one particular case which is slightly tricky.  The
implementation of TARGET_ASM_TRAMPOLINE_TEMPLATE uses a BR which needs
to be mitigated against.  The trampoline template is used *once* per
compilation unit, and the TRAMPOLINE_SIZE is exposed to the user via the
builtin macro __LIBGCC_TRAMPOLINE_SIZE__.
In the future we may implement function specific attributes to turn on
and off hardening on a per-function basis.
The fixed nature of the trampoline described above implies it will be
safer to ensure this speculation barrier is always used.

Testing:
  Bootstrap and regtest done on aarch64-none-linux
  Used a temporary hack(1) to use these options on every test in the
  testsuite and a script to check that the output never emitted an
  unmitigated RET or BR.

1) Temporary hack was a change to the testsuite to always use
`-save-temps` and run a script on the assembly output of those
compilations which produced one to ensure every RET or BR is immediately
followed by a speculation barrier.

gcc/ChangeLog:

	* config/aarch64/aarch64-protos.h (aarch64_sls_barrier): New.
	* config/aarch64/aarch64.c (aarch64_output_casesi): Emit
	speculation barrier after BR instruction if needs be.
	(aarch64_trampoline_init): Handle ptr_mode value & adjust size
	of code copied.
	(aarch64_sls_barrier): New.
	(aarch64_asm_trampoline_template): Add needed barriers.
	* config/aarch64/aarch64.h (AARCH64_ISA_SB): New.
	(TARGET_SB): New.
	(TRAMPOLINE_SIZE): Account for barrier.
	* config/aarch64/aarch64.md (indirect_jump, *casesi_dispatch,
	simple_return, *do_return, *sibcall_insn, *sibcall_value_insn):
	Emit barrier if needs be, also account for possible barrier using
	"sls_length" attribute.
	(sls_length): New attribute.
	(length): Determine default using any non-default sls_length
	value.

gcc/testsuite/ChangeLog:

	* gcc.target/aarch64/sls-mitigation/sls-miti-retbr.c: New test.
	* gcc.target/aarch64/sls-mitigation/sls-miti-retbr-pacret.c:
	New test.
	* gcc.target/aarch64/sls-mitigation/sls-mitigation.exp: New file.
	* lib/target-supports.exp (check_effective_target_aarch64_asm_sb_ok):
	New proc.