[krbdev.mit.edu #6034] rework gic_opt_ext to be more portable

[Greg Hudson via RT]

A related problem is that the opt_to_opte contract is not nestable.  If
you pass in an options structure which is already the result of an
opt_to_opte copy, you will get an alias (because the structure is
extended) which looks like a copy (because the shadowed flag was already
set).

It is also hard for a static analysis tool to detect memory leaks
related to opt_to_opte because of its "maybe a copy, maybe an alias"
contract.

These problems can be patched up in a variety of ways (such as by using
a reference count instead of the shadowed flag), but my favorite is to
get rid of the copies entirely.  To do this, we'd pass around pointers
to the unextended options structure everywhere, and use accessor
functions or macros when reading extended options fields.  The accessor
would return a default value if the structure is not extended, and would
cast the pointer to the extended structure and retrieve the field if it is.

I'm making these notes here since both fixes involve visiting every
piece of code which touches an options structure.