Enable the NX bit on x86_64 and set if not PROT_EXEC and enable the write
protection mode (CR0.WP) that disables the default behavior where the kernel
is able to write to read-only memory. Fix kernel broken assumptions it can
access read-only memory and take care to never set PROT_KWRITE on user-space
pages unless PROT_WRITE is also set, otherwise user-space will be able to
write to read-only memory.
This achieves X^W in the whole system except for the core kernel itself as
it is currently don't know the purpose of pages when identity mapping the
first 4 MiB.
