xen/privcmd: fix integer truncation in IOCTL_PRIVCMD_MMAPBATCH

The size field in the XENMEM_add_to_physmap_range is an uint16_t, and the
privcmd driver was doing an implicit truncation of an int into an uint16_t
when filling the hypercall parameters.

Fix this by adding a loop and making sure privcmd splits ioctl request into
2^16 chunks when issuing the hypercalls.

Reported and tested by: Marcin Cieslak <saper@saper.info>
Sponsored by: Citrix Systems R&D