OvmfPkg: Reserve a page in memory for the SEV-ES usage
    
    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2198
    
    Reserve a fixed area of memory for SEV-ES use and set a fixed PCD,
    PcdSevEsWorkAreaBase, to this value.
    
    This area will be used by SEV-ES support for two purposes:
      1. Communicating the SEV-ES status during BSP boot to SEC:
         Using a byte of memory from the page, the BSP reset vector code can
         communicate the SEV-ES status to SEC for use before exception
         handling can be enabled in SEC. After SEC, this field is no longer
         valid and the standard way of determine if SEV-ES is active should
         be used.
    
      2. Establishing an area of memory for AP boot support:
         A hypervisor is not allowed to update an SEV-ES guest's register
         state, so when booting an SEV-ES guest AP, the hypervisor is not
         allowed to set the RIP to the guest requested value. Instead an
         SEV-ES AP must be re-directed from within the guest to the actual
         requested staring location as specified in the INIT-SIPI-SIPI
         sequence.
    
         Use this memory for reset vector code that can be programmed to have
         the AP jump to the desired RIP location after starting the AP. This
         is required for only the very first AP reset.
    
    Cc: Jordan Justen <jordan.l.justen@intel.com>
    Cc: Laszlo Ersek <lersek@redhat.com>
    Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
    Reviewed-by: Laszlo Ersek <lersek@redhat.com>
    Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
    Regression-tested-by: Laszlo Ersek <lersek@redhat.com>