Support selective instrumentation, by binary analysis (offline or online)

[stephenrkell]

Instead of trapping all syscalls, some binary analysis can reveal (to the non-paranoid) that a given syscall site only ever makes a given syscall. If we're not interested in instrumenting it, we can leave that site as-is. Analysis needs to determine a statically known value of %rax at the call site, assuming something about entry points.