This helps ensure that overflows will trigger a panic instead of
silently corrupting adjacent buffers, as happened in SA-26:13.exec.

Extend kmap_alloc_wait() to support allocation of guard pages on both
sides of a KVA allocation. Modify the exec_map setup accordingly.