Expose ARCH_CAP_MDS_NO in guest

Description:

MDS_NO is bit 5 of ARCH_CAPABILITIES. Expose this bit to guest.

Target Qemu: 4.1

The specific upstream commit is 20140a82c67467f53814ca197403d5e1b561a5e5 and is incorporated into qemu 1:3.1+dfsg-2ubuntu3.1 in disco-security (19.04) and 1:3.1+dfsg-2ubuntu4 in eoan-proposed. For backporting to cosmic and older, I believe it requires the infrastructure to support IA32_ARCH_CAPABILITIES in place.

This is done upstream, no need for the upstream bug task.
For Ubuntu I'll update the tasks to match the statement of sbeattie.
There are discussions to reconsider some of the backports, but unfortunately the IA32_ARCH_CAPABILITIES infrastructure is a rather big set of changes.

This effort, if done, would be done together with:

https://bugs.launchpad.net/intel/+bug/1828495

Please read comments:

https://bugs.launchpad.net/intel/+bug/1828495/comments/8

and

https://bugs.launchpad.net/intel/+bug/1828495/comments/10

I'm marking this bug as a duplicate of LP: #1828495 since both are asking for mitigations pass-through to i386 kvm guests and I'm preparing a fix for both simultaneously.

Commit:

https://bugs.launchpad.net/intel/+bug/1828495/comments/42

Addresses exactly this bug fix.