[kernel] Add capabilities to handles

This change finally adds capabilities to handles. Included changes:

- j6_handle_t is now again 64 bits, with the highest 8 bits being a type
  code, and the next highest 24 bits being the capability mask, so that
  programs can check type/caps without calling the kernel.
- The definitions grammar now includes a `capabilities [ ]` section on
  objects, to list what capabilities are relevant.
- j6/caps.h is auto-generated from object capability lists
- init_libj6 again sets __handle_self and __handle_sys, this is a bit
  of a hack.
- A new syscall, j6_handle_list, will return the list of existing
  handles owned by the calling process.
- syscall_verify.cpp.cog now actually checks that the needed
  capabilities exist on handles before allowing the call.

src/user/srv.init/main.cpp

@@ -1,6 +1,9 @@
 #include <stdio.h>
+#include <stdlib.h>
 
+#include <j6/errors.h>
 #include <j6/syscalls.h>
+#include <j6/types.h>
 #include <bootproto/init.h>
 
 #include "loader.h"
@@ -16,15 +19,15 @@ extern "C" {
 
 uintptr_t _arg_modules_phys;   // This gets filled in in _start
 
-j6_handle_t handle_self   = 1; // Self program handle is always 1
-j6_handle_t handle_system = 2; // boot protocol is that init gets the system as handle 2
+extern j6_handle_t __handle_self;
+extern j6_handle_t __handle_sys;
 
 int
 main(int argc, const char **argv)
 {
     j6_log("srv.init starting");
 
-    modules mods = modules::load_modules(_arg_modules_phys, handle_system, handle_self);
+    modules mods = modules::load_modules(_arg_modules_phys, __handle_sys, __handle_self);
 
     for (auto &mod : mods.of_type(module_type::program)) {
         auto &prog = static_cast<const module_program&>(mod);