Revise OP-TEE ShmInfo to ensure byte-length bound check

[sangho2]

This PR revises OP-TEE shim's ShmInfo to ensure byte-length bound check. Previously, ShmInfo only maintained an array of physical addresses and a start offset, such that its bound check was coarse-grained. A fine-grained check is needed to avoid confused-deputy attacks (i.e., preventing VTL1 kernel from corrupting some VTL0 bytes due to a page/byte gap).

[github-actions]

🤖 SemverChecks 🤖 ⚠️ Potential breaking API changes detected ⚠️

Click for details

--- failure method_parameter_count_changed: pub method parameter count changed ---

Description:
A publicly-visible method now takes a different number of parameters, not counting the receiver (self) parameter.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#fn-change-arity
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.47.0/src/lints/method_parameter_count_changed.ron

Failed in:
  litebox_shim_optee::msg_handler::ShmInfo::new takes 2 parameters in /home/runner/work/litebox/litebox/target/semver-checks/git-main/9994096a84e94f5a24349977a7bb888f46aca148/litebox_shim_optee/src/msg_handler.rs:604, but now takes 3 parameters in /home/runner/work/litebox/litebox/litebox_shim_optee/src/msg_handler.rs:618