Set up proper page permissions (in particular, N^X bit)

Open andrisaar opened this issue 2 years ago • 0 comments

Our current page table setup code, inherited from rust-hypervisor-firmware, sets up identity paging for the lower 4G of memory and marks every page as WRITABLE:

https://github.com/project-oak/oak/blob/fd3ca98c97bb7b7129ecf7dd01f53e023fc76dd2/third_party/rust-hypervisor-firmware-boot/src/paging.rs#L26

This is obviously less than optimal, as this means that all the memory is both writable and executable (and thus fun things can happen when you overflow the stack, for example). We don't really have any use cases where we want pages to be both writable and executable.

We should ensure that:

  • [ ] pages that contain executable code are not marked as WRITABLE;
  • [ ] the rest of the pages may be marked as WRITABLE, but must be marked as NO_EXECUTE.
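One way to express these two rules when generating the entries, as an added example that is not the oak or rust-hypervisor-firmware code: it assumes 2 MiB identity-mapped pages, that the linker exposes the physical extent of the code section(s) (here the constructed `CodeRange` list), and that EFER.NXE has been set so the NO_EXECUTE bit is honoured.

```rust
// x86_64 page table entry bits (bit positions from the architecture).
pub const PRESENT: u64 = 1 << 0;
pub const WRITABLE: u64 = 1 << 1;
pub const HUGE_PAGE: u64 = 1 << 7; // PS bit: this entry maps a 2 MiB page
pub const NO_EXECUTE: u64 = 1 << 63; // only honoured once EFER.NXE is set
pub const PAGE_SIZE: u64 = 2 * 1024 * 1024;

/// Physical range [start, end) holding executable code (hypothetical input,
/// in a real build taken from linker symbols around the .text section).
#[derive(Clone, Copy, Debug)]
pub struct CodeRange {
    pub start: u64,
    pub end: u64,
}

fn overlaps_code(page: u64, code: &[CodeRange]) -> bool {
    code.iter().any(|r| page < r.end && page + PAGE_SIZE > r.start)
}

/// Flags for the identity-mapped 2 MiB page starting at physical `page`.
/// Code pages are read-only and executable; everything else is writable
/// and NO_EXECUTE, so no page is ever both writable and executable.
/// Caveat: a page that mixes code and data becomes read-only, so sections
/// must be aligned to the mapping granularity (or split into 4 KiB pages).
pub fn flags_for(page: u64, code: &[CodeRange]) -> u64 {
    if overlaps_code(page, code) {
        PRESENT | HUGE_PAGE
    } else {
        PRESENT | WRITABLE | HUGE_PAGE | NO_EXECUTE
    }
}

/// Entries identity-mapping the lower `size` bytes (size: multiple of 2 MiB).
pub fn build_entries(size: u64, code: &[CodeRange]) -> Vec<u64> {
    (0..size)
        .step_by(PAGE_SIZE as usize)
        .map(|p| p | flags_for(p, code))
        .collect()
}

/// W^X check usable as a boot-time self-test: every entry must lack
/// WRITABLE or carry NO_EXECUTE.
pub fn is_wx_exclusive(entries: &[u64]) -> bool {
    entries.iter().all(|e| e & WRITABLE == 0 || e & NO_EXECUTE != 0)
}

fn main() {
    let code = [CodeRange { start: 0x20_0000, end: 0x30_0000 }]; // constructed
    let entries = build_entries(4 * 1024 * 1024 * 1024, &code);
    println!("{} entries, W^X holds: {}", entries.len(), is_wx_exclusive(&entries));
}
```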

andrisaar · Jun 20 '22 17:06