Recognize thread-local storage sections in binaries, and communicate it through specifications

[pgoodman]

At least with x86, when we see code using the fsbase or gsbase, we (as of #216) lift using LLVM's address space feature. This ends up producing code that looks like the following:

; Function Attrs: noinline
define i64 @sub_402380__Avl_B_0() #0 {
  %1 = load i64, i64* inttoptr (i64 add (i64 ptrtoint (i8* addrspacecast (i8 addrspace(257)* null to i8*) to i64), i64 40) to i64*), align 8
  call void @sub_407260__Avv_B_0()
  %2 = call i32 @__cxa_atexit(void (i8*)* nonnull @_ZNSt8ios_base4InitD1Ev, i8* nonnull getelementptr inbounds ([1 x i8], [1 x i8]* @var_4071d1__Cbx1_D, i32 0, i32 0), i8* nonnull getelementptr inbounds ([1 x i8], [1 x i8]* @var_4071c8__Cbx1_D, i32 0, i32 0))
  %3 = load i64, i64* getelementptr (i64, i64* addrspacecast (i64 addrspace(257)* null to i64*), i64 5), align 8
  %4 = icmp eq i64 %3, %1
  br i1 %4, label %7, label %5

5:                                                ; preds = %0
  call void @__stack_chk_fail()
  %6 = call %struct.Memory* @__remill_error(%struct.State* undef, i64 4203458, %struct.Memory* null)
  br label %8

7:                                                ; preds = %0
  br label %8

8:                                                ; preds = %7, %5
  ret i64 %3
}

Really, we probably want to identify that some data areas are thread-local, and have a way of communicating this in specifications. Then, we'd want to introduce address-space offset-aware folding into the entity use recovery code, to recover references back to these thread-local data structures.