[3.19] main/xen: add mitigations for XSA-449 (x86_64)

we're not vulnerable to XSA-450 since we don't disable CONFIG_HVM but let's patch anyway

https://xenbits.xen.org/xsa/advisory-449.html

https://xenbits.xen.org/xsa/advisory-450.html