[kernel] Improve VMA lifecycle

The vm_area objects had a number of issues I have been running into when
working on srv.init:

- It was impossible to map a VMA, fill it, unmap it, and hand it to
  another process. Unmapping the VMA in this process would cause all the
  pages to be freed, since it was removed from its last mapping.
- If a VMA was marked with vm_flag::zero, it would be zeroed out _every
  time_ it was mapped into a vm_space.
- The vm_area_open class was leaking its page_tree nodes.

In order to fix these issues, the different VMA types all work slightly
differently now:

- Physical pages allocated for a VMA are now freed when the VMA is
  deleted, not when it is unmapped.
- A knock-on effect from the first point is that vm_area_guarded is now
  based on vm_area_open, instead of vm_area_untracked. An untracked area
  cannot free its pages, since it does not track them.
- The vm_area_open type now deletes its root page_tree node. And
  page_tree nodes will delete child nodes or free physical pages in
  their dtors.
- vm_flag::zero has been removed; pages will need to be zeroed out
  further at a higher level.
- vm_area also no longer deletes itself only on losing its last handle -
  it will only self-delete when all handles _and_ mappings are gone.

src/kernel/vm_space.h

@@ -107,7 +107,6 @@ public:
 
 private:
     friend class vm_area;
-    friend class vm_mapper_multi;
 
     /// Find a given VMA in this address space
     bool find_vma(const vm_area &vma, uintptr_t &base) const;
@@ -118,6 +117,9 @@ private:
     /// Copy a range of mappings from the given address space 
     void copy_from(const vm_space &source, const vm_area &vma);
 
+    /// Remove an area's mappings from this space
+    void remove_area(vm_area *area);
+
     bool m_kernel;
     page_table *m_pml4;