soc: qcom: Add kernel_protect library and initcall

It's good security practice to make your executable code read-only.  On
hypervisor-enabled targets, this can be trivially accomplished by
removing the writable attribute from all stage-2 mappings of the kernel
text.  Add a small library and initcall to do this.

Due to constraints on the hypervisor, this needs to happen before all of
the cores are brought out of reset, so make it an early_initcall.

Change-Id: I2d3ee4ad69402d98f0f6a9078c58e66cd227d222
Signed-off-by: Mitchel Humpherys <mitchelh@codeaurora.org>