Change `clients/user/syscall.*` to register system call hook structures, instead of heap-allocating them

[pgoodman]

This will bring the design closer to how the in-progress wrap_func tool is working. Should also rename things so that there is an explicit wrap_syscall tool/client. This move would mean getting rid of unnecessary heap allocations and allocators, and would potentially make the API nicer overall.

[pgoodman]

Double check to see if this makes sense w.r.t. the actual closure pointer and delete pointer that get passed along as well. It might be that this isn't actually a tenable design.

Alternatively, this might be worth seeing as: wrapping system calls, just as functions are wrapped (i.e. in a type-specific way) rather than hooking pre/post. Wrapping would provide some really nice flexibility in terms of having the variables available on the stack instead of having to depend on TLS. Wrapping could be made to work for arbitrary syscalls by passing the syscall function six uintptr_t types in the case of unspecified syscalls, but passing the correct values along in the well-typed case.

[pgoodman]

One issue is sigreturn and rt_sigreturn. These take the stack pointer as the argument.

I think this motivates the continued use of distinct before/after wrappers.