transientfail
Add SWAPGS/WRFSBASE attacks
Described here and here, this actually also includes an interesting sub-instance of MD-GP. The paper and deep-dive are not very clear on the exact interaction with #GP faults, but afaik some of the attacks abuse that transient execution continues with wrong segment selectors after a faulting WRFSBASE. Hence, we should figure out and clearly describe the MD-GP behavior and update the tree accordingly.