target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest

According to AMD's Speculative Return Stack Overflow whitepaper (link
below), the hypervisor should synthesize the value of IBPB_BRTYPE and
SBPB CPUID bits to the guest.

Support for this is already present in the kernel with commit
e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be
("KVM: x86: Add IBPB_BRTYPE support").

Add support in QEMU to expose the bits to the guest OS.

host:
  # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
  Mitigation: Safe RET

before (guest):
  $ cpuid -l 0x80000021 -1 -r
  0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
                            ^
  $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
  Vulnerable: Safe RET, no microcode

after (guest):
  $ cpuid -l 0x80000021 -1 -r
  0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
                            ^
  $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
  Mitigation: Safe RET

Reported-by: Fabian Vogt <fvogt@suse.de>
Link: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240805202041.5936-1-farosas@suse.de
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

target/i386/cpu.c

@@ -1221,8 +1221,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = {
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
             NULL, NULL, NULL, NULL,
-            NULL, NULL, NULL, NULL,
-            NULL, NULL, NULL, NULL,
+            NULL, NULL, NULL, "sbpb",
+            "ibpb-brtype", NULL, NULL, NULL,
         },
         .cpuid = { .eax = 0x80000021, .reg = R_EAX, },
         .tcg_features = 0,