Capability checking added as compiling code.

Capability checking for thread_control, exregs, mutex, cap_control,
ipc, and map system calls.

The visualised model is implemented in code that compiles, but
actual functionality hasn't been tested.

Need to add:
- Dynamic assignment of initial resources matching with what's
defined in the configuration.
- A paged-thread-group, since that would be a logical group of
seperation from a capability point-of-view.
- Resource ids for various tasks. E.g.
  - Memory capabilities don't have target resources.
  - Thread capability assumes current container for THREAD_CREATE.
  - Mutex syscall assumes current thread (this one may not need
    any changing)
  - cap_control syscall assumes current thread. It may happen to
    be that another thread's capability list is manipulated.

Last but not least:
- A simple and easy-to-use userspace library for dynamic expansion
  of resource domains as new resources are created such as threads.

src/api/mutex.c

@@ -239,7 +239,17 @@ int sys_mutex_control(unsigned long mutex_address, int mutex_op)
 		return -EINVAL;
 	}
 
-	/* Find and check physical address for virtual mutex address */
+	if ((ret = cap_mutex_check(mutex_address, mutex_op)) < 0)
+		return ret;
+
+	/*
+	 * Find and check physical address for virtual mutex address
+	 *
+	 * FIXME: Could we check this as a capability? Perhaps not
+	 * since not always the caller but its pager possesses
+	 * relevant memory capability. Maybe check on behalf of
+	 * its pager?
+	 */
 	if (!(mutex_physical =
 		virt_to_phys_by_pgd(mutex_address,
 				    TASK_PGD(current))))