Rewrite cmake files to simplify build system

[rinon]

Replaces the define_test and define_shared_lib functions with a more generic and hopefully cleaner add_ia2_compartment function.

[fw-immunant]

Mostly looks good, but I don't understand the second commit. Were we padding the TLS segment of partition-alloc before? I don't think we should need to do this, because we don't pkey_mprotect its thread locals as it isn't itself "in" any compartment. That said, I don't think I thought hard about the interaction of TLS usage in partition-alloc with our TLS scheme; I don't think I had really realized it was using TLS at all.

It does, though, for partition_alloc::(anonymous namespace)::g_disallow_allocations, partition_alloc::internal::(anonymous namespace)::ReentrantScannerGuard::guard_, partition_alloc::internal::g_thread_cache, partition_alloc::internal::base::(anonymous namespace)::g_thread_id, and partition_alloc::internal::base::(anonymous namespace)::g_is_main_thread.

[ayrtonm]

LGTM with mostly minor nits. There's just one case we need to fix where the -include flag is wrong and there's an issue with the partition alloc target that nginx tries to build.

[ayrtonm]

@rinon I saw you effectively removed the NEEDS_LD_WRAP from the new cmake functions and I think passing an ld args file unconditionally is fine here. For the objcopy step added in #300 (that's implemented in a similar way) were you also planning on doing that unconditionally or keeping NEEDS_OBJCOPY_FILE?

[ayrtonm]

I'm rebasing #300 on this PR so for now I'll leave NEEDS_OBJCOPY as a no-op arg in the original cmake functions (like NEEDS_LD_WRAP) and do it unconditionally (or just for tests with more than two pkeys) in the new add_ia2_compartment. Then we can figure out how to check if it's necessary (maybe building the original targets and looking for duplicate symbols with nm).

[ayrtonm]

LGTM. Could you update the target name for PartitionAlloc in docs/build_instructions.md?