fix: 5 HIGH severity bugs from audit

fix: 5 HIGH severity bugs from audit

2.3: Slab allocator now uses kmalloc(PAGE_SIZE) instead of
     pmm_alloc_page + hal_mm_phys_to_virt. The old approach could
     map physical addresses above 16MB to VAs that collide with the
     heap range (0xD0000000+), causing silent memory corruption.

3.3: execve now validates sp against stack base before each write.
     Prevents writing below the user stack page if E2BIG pre-check
     is somehow bypassed. Returns -E2BIG on underflow.

3.4: SMEP (Supervisor Mode Execution Prevention) enabled in CR4
     if CPU supports it. Prevents kernel from executing user-mapped
     pages, blocking a common exploit technique. SMAP detection added
     but not enabled yet (requires STAC/CLAC in uaccess.c first).
     CPUID leaf 7 detection added for SMEP (bit 7) and SMAP (bit 20).

4.1: Kernel heap now grows dynamically from 10MB up to 64MB max.
     When kmalloc can't find a free block, kheap_grow maps new
     physical pages at the end of the heap and creates a new free
     block. Coalesces with tail if adjacent and free.

2.4: process_waitpid circular list traversal now checks for NULL
     before comparing to start, preventing NULL deref if the list
     is broken by concurrent reaping.