iommu/arm-smmu: restrict secure vmid update while attached

Client can update secure vmid by setting attribute DOMAIN_ATTR_SECURE_VMID.
If this is done after domain attach, it causes a condition where TTBR pages
aren't mapped to secure VMID.  This causes S2 translation fault. Disallow
secure vmid update if domain is attached.
While we are at it, restrict DOMAIN_ATTR_FAST update while domain is
attached.

Change-Id: I4246f1f90a11ed21dfafa360cc2f16ade2708d2b
Signed-off-by: Prakash Gupta <guptap@codeaurora.org>