At its inception, Cilium had an external ebpf loader (iproute2) that didn't
deal with changes to map properties (type/k/v/maxentries/flags). To allow
the agent to upgrade/downgrade maps, a 'map migration' system was introduced
that would take the new ELF and compare its maps against their pinned
counterparts on the system's bpffs. Incompatible maps were renamed using
a ':pending' suffix to allow the loader to create and pin a new instance of
the map at its old path. If all went well, the :pending map was removed.

Even though it served us for many years, this system wasn't without its
drawbacks, primarily the many moving parts (files) to manage on bpffs, as well
as its obscuring of subtle bugs in managing tail call map lifecycle.

This commit replaces the map migration system with a commit-based system that
doesn't modify any bpffs-related resources until all of an ELF's entrypoints
are attached and all cross-ELF tail calls (policy progs) have been inserted.

After commit() has run for a Collection, only one copy of each map pin will be
present on bpffs. This removes all possibility of previous ELF generations
being partially attached somewhere, still handling traffic using an old tail
call map. Such cases will now fail loudly with the 'missed tail call' metric
increasing due to the old tail call map pins being removed.

Signed-off-by: Timo Beckers <timo@isovalent.com>

This commit adds support for the custom CILIUM_PIN_REPLACE pinning flag.
It signals to the loader that a map should be pinned without being reused
in subsequent ELF loads.

This replaces bespoke cilium_calls_-specific logic in the loader with a
generic map flag, opening it up for other use cases as well. The reasons
for this behaviour are widely documented and present in the code for
posterity.

Also, give each netdev its own instance of cilium_calls. Sharing a tail call
map across all XDP entry points causes multiple netdevs' programs to clobber
the shared cilium_calls_xdp bpffs pin.

Signed-off-by: Timo Beckers <timo@isovalent.com>