OvmfPkg/PlatformPei: Reserve GHCB backup pages if S3 is supported
    
    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3108
    
    Protect the GHCB backup pages used by an SEV-ES guest when S3 is
    supported.
    
    Regarding the lifecycle of the GHCB backup pages:
      PcdOvmfSecGhcbBackupBase
    
    (a) when and how it is initialized after first boot of the VM
    
      If SEV-ES is enabled, the GHCB backup pages are initialized when a
      nested #VC is received during the SEC phase
      [OvmfPkg/Library/VmgExitLib/SecVmgExitVcHandler.c].
    
    (b) how it is protected from memory allocations during DXE
    
      If S3 and SEV-ES are enabled, then InitializeRamRegions()
      [OvmfPkg/PlatformPei/MemDetect.c] protects the ranges with an AcpiNVS
      memory allocation HOB, in PEI.
    
      If S3 is disabled, then these ranges are not protected. PEI switches to
      the GHCB backup pages in permanent PEI memory and DXE will use these
      PEI GHCB backup pages, so we don't have to preserve
      PcdOvmfSecGhcbBackupBase.
    
    (c) how it is protected from the OS
    
      If S3 is enabled, then (b) reserves it from the OS too.
    
      If S3 is disabled, then the range needs no protection.
    
    (d) how it is accessed on the S3 resume path
    
      It is rewritten same as in (a), which is fine because (b) reserved it.
    
    (e) how it is accessed on the warm reset path
    
      It is rewritten same as in (a).
    
    Cc: Jordan Justen <jordan.l.justen@intel.com>
    Cc: Laszlo Ersek <lersek@redhat.com>
    Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
    Cc: Anthony Perard <anthony.perard@citrix.com>
    Cc: Julien Grall <julien@xen.org>
    Cc: Brijesh Singh <brijesh.singh@amd.com>
    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
    Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
    Message-Id: <119102a3d14caa70d81aee334a2e0f3f925e1a60.1610045305.git.thomas.lendacky@amd.com>