
ImmutAfterInit: misuse runtime detection #2

Merged: 4 commits, Jun 19, 2023

Commits on Jun 13, 2023

  1. mm/address_space: avoid double initialization of kernel mapping

    ImmutAfterInitCell states that the init() method should not be called
    on an already initialized instance, but KERNEL_MAPPING is initialized
    via ImmutAfterInitCell::new() first, and then via the aforementioned
    init() method. At the moment this requirement is not enforced in any
    way (ImmutAfterInitCell::reinit() just calls init()), but this will
    not hold in the future.
    
    Create the global structure with ImmutAfterInitCell::uninit(), since
    there should be no users of the mapping before the call to
    init_kernel_mapping_info(), which happens very early in the boot
    process for both the stage 2 and the proper SVSM.
    
    Signed-off-by: Carlos López <carlos.lopez@suse.com>
    00xc committed Jun 13, 2023 (9a2c69b)
  2. utils/immut_after_init: implement runtime checks

    Add debug-only runtime checks for ImmutAfterInitCell. This prevents
    using an uninitialized cell, as well as unintended double
    initialization bugs. As a consequence, ImmutAfterInitCell::init() and
    reinit() no longer need to be unsafe, since checks are done before
    accessing the inner type.
    
    To keep track of the initialization state we use an AtomicBool with
    relaxed ordering, for code simplicity reasons.
    
    Signed-off-by: Carlos López <carlos.lopez@suse.com>
    00xc committed Jun 13, 2023 (7ab5d6b)
  3. utils/immut_after_init: mark results as infallible in release builds

    No safety runtime checks are performed in release builds, so mark the
    error variant of the return type for fallible functions as
    core::convert::Infallible.
    
    Signed-off-by: Carlos López <carlos.lopez@suse.com>
    00xc committed Jun 13, 2023 (2f62196)
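A cut-down illustration of the pattern these two commits describe (a debug-only AtomicBool state flag with relaxed ordering, and an error type that collapses to Infallible in release builds), written for this review and not the project's own code; InitError, mark_init and the field names are assumed, and the Sync impl needed to place the cell in a static is left out.

```rust
use core::{cell::UnsafeCell, mem::MaybeUninit, ops::Deref};
use core::sync::atomic::{AtomicBool, Ordering};

// Misuse error. Release builds run no checks, so the error type is uninhabited
// and callers can see statically that init() cannot fail there.
#[cfg(debug_assertions)]
#[derive(Debug)]
pub enum InitError { AlreadyInitialized }
#[cfg(not(debug_assertions))]
pub type InitError = core::convert::Infallible;

pub struct ImmutAfterInitCell<T> {
    data: UnsafeCell<MaybeUninit<T>>, // never dropped, as for a global static
    // Debug-only state flag with relaxed ordering: it detects misuse, it does not
    // synchronize readers with the writer (callers must init() before any use).
    #[cfg(debug_assertions)]
    init: AtomicBool,
}

impl<T> ImmutAfterInitCell<T> {
    pub const fn uninit() -> Self {
        Self {
            data: UnsafeCell::new(MaybeUninit::uninit()),
            #[cfg(debug_assertions)]
            init: AtomicBool::new(false),
        }
    }
    // Initialize exactly once; a second call is reported in debug builds.
    pub fn init(&self, value: T) -> Result<(), InitError> {
        self.mark_init()?;
        // SAFETY: first and only write; no reference to the inner value exists yet.
        unsafe { (*self.data.get()).write(value) };
        Ok(())
    }
    #[cfg(debug_assertions)]
    fn mark_init(&self) -> Result<(), InitError> {
        // swap() returns the previous state, so a second caller observes `true`.
        if self.init.swap(true, Ordering::Relaxed) { Err(InitError::AlreadyInitialized) } else { Ok(()) }
    }
    #[cfg(not(debug_assertions))]
    fn mark_init(&self) -> Result<(), InitError> { Ok(()) }
}

impl<T> Deref for ImmutAfterInitCell<T> {
    type Target = T;
    fn deref(&self) -> &T {
        #[cfg(debug_assertions)]
        assert!(self.init.load(Ordering::Relaxed), "ImmutAfterInitCell used before init()");
        // SAFETY: initialized (checked above in debug builds, guaranteed by the caller otherwise).
        unsafe { (*self.data.get()).assume_init_ref() }
    }
}
```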

Commits on Jun 14, 2023

  1. utils/immut_after_init: relax Copy requirements

    Remove the Copy requirement for any T under the ImmutAfterInit* types,
    since it is not needed.
    
    Signed-off-by: Carlos López <carlos.lopez@suse.com>
    00xc committed Jun 14, 2023 (10b7610)