mm: mprotect: arm64: Handle metadata storage for mprotect(PROT_MTE)

To enable tagging on a memory range, userspace can use mprotect() with the
PROT_MTE protection flag. Handling for the metadata storage for pages
present in the address range is done in two steps:

1. Metadata pages cannot be themselves tagged, and they must be migrated.

This is done before the VMA flags are reset or the new page protections
are set because otherwise the page that is replacing the metadata page
would also have to have metadata storage reserved, and the associated
metadata storage might happen to be exactly the metadata page that is being
migrated.

2. The existing pages will have their metadata storage reserved. If that
fails, then the page is migrated out of the process address space.

This is done after the new VMA flags and page protections are set, as
tagged pages can only be mapped in VM_MTE VMAs.

If any of the two steps fail, then the mprotect() will also fail with the
-EACCES error code, because the process won't be able to assign metadata
for the pages in question.