Enable the Xen hypervisor ACM security policy to be determined at boot

Enable the Xen hypervisor ACM security policy to be determined at boot
time (instead of at compile time). Allows a single xen.gz binary to
run under different security policy types, which simplifies
distributions considerably. To this end, we replace the current single
compile switch in Config.mk with the following two:

1. ACM_SECURITY (y/n) if "n", then the ACM is not compiled and no security
policies can be configured at boot time. If "y", then the ACM is compiled
and can be configured into any of the available policy types (null,
chwall, ste, chwall_ste) by specifying a valid boot policy .bin file in
the grub boot configuration.

2. ACM_DEFAULT_SECURITY_POLICY (null / chwall / ste / chwall_ste)
specifies the policy into which Xen defaults in the case that security is
enabled but no boot policy file is specified, or the specified policy file
is invalid (wrong version, magic, corrupted, ...)

While the type of the enabled policy (null, ste, ...) is decided once
during boot for the whole boot cycle, the policy instantiation can be
changed during operation as usual with the security tools.

Signed-off by: Tomas Lendacky <toml@us.ibm.com>
Signed-off by: Reiner Sailer <sailer@us.ibm.com>