Merge branch '2022-06-08-virtio-harden-and-test-vring' into next

To quote the author:
Make the virtio ring code resilient against corruption of the buffers
shared with the device.

It follows the example of Linux by keeping a private copy of the
descriptors and metadata for state tracking and only ever writing to the
descriptors that are shared with the device. I was able to test these
hardening steps in the sandbox by simulating device writes to the
queues.