[$] The state of guest_memfd

A typical cloud-computing host will share some of its memory with each
guest that it runs. The host retains its access to that memory, though,
meaning that it can readily dig through that memory in search of data that
the guest would prefer to keep private. The guest_memfd subsystem removes (most of) the
host's access to guest memory, making the guest's data more secure. In the
memory-management track of the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit, David Hildenbrand ran a discussion on
the state and future of this feature.