x86-urgent-2023-03-05

 - Return -EIO instead of success when the certificate buffer for SEV
   guests is not large enough.

 - Allow STIPB to be enabled with legacy IBSR. Legacy IBRS is cleared on
   return to userspace for performance reasons, but the leaves user space
   vulnerable to cross-thread attacks which STIBP prevents. Update the
   documentation accordingly.