immunant / ibresolver

A QEMU TCG plugin for resolving indirect branches.
BSD 3-Clause "New" or "Revised" License

Handle branches that occur in the middle of a block #1

Closed ayrtonm closed 3 years ago

ayrtonm commented 3 years ago

The tracer assumes that indirect branches always occur at the end of the translation blocks defined by QEMU to avoid the need for single-step mode. Currently input addresses that are found in the middle of a block will not show up in the output .csv even if they're executed.

While this assumption will very likely always be true for unconditional indirect branches, it'd be nice to log a warning to stderr when one of these inputs is encountered in block_trans_handler. To avoid needing to iterate through all input callsites in block_trans_handler we should sort the callsites in qemu_plugin_install then limit the callsites checked to those within the block being translated.

ayrtonm commented 3 years ago

Since arm32 can have conditional indirect branches (e.g. ldreq PC, Rn) we shouldn't assume that these branches only occur at the end of a translation block. Fortunately it seems that callbacks registered for instructions executed work without singlestep mode so handling the ignored callsites won't require a lot of changes.

To handle these indirect branches we should register an insn exec callback for the branch and another for the following instruction. The first callback will set indirect_taken to the branch address like at the end of indirect_block_exec_handler and the second callback will set it to nullopt in case the branch is not taken. If the branch is taken, the default callback for executing a block will mark the branch's destination.
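The scheme sketched in the two comments above, as an added example that is not code from ibresolver: the callsites are sorted once at install time, each translated block only checks the callsites inside its own address range, a callsite in the middle of a block gets a hook on the branch and a second hook on the following instruction, and the block-exec hook turns a still-pending `indirect_taken` into a resolved edge. The QEMU plugin API is replaced by a small simulator so the file compiles without qemu-plugin.h; the names `Resolver`, `Hook`, `demo`, and all addresses in the trace are constructed for this example.

```cpp
// Added example, not part of ibresolver. Models the plugin's bookkeeping with
// the QEMU plugin API (tb_trans / insn_exec / tb_exec callbacks) simulated.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <unordered_map>
#include <utility>
#include <vector>

using Addr = uint64_t;

struct Edge {
    Addr callsite;  // address of the indirect branch
    Addr target;    // start of the block it jumped to
    bool operator==(const Edge &o) const { return callsite == o.callsite && target == o.target; }
};

// One translated instruction, as qemu_plugin_insn_vaddr()/qemu_plugin_insn_size() would report it.
struct Insn { Addr vaddr; size_t size; };

enum class Hook { Branch, Fallthrough };

struct Resolver {
    std::vector<Addr> callsites;            // input callsites, sorted once at install time
    std::optional<Addr> indirect_taken;     // callsite whose destination is still unknown
    std::vector<Edge> edges;                // resolved (callsite, target) pairs, i.e. the .csv rows
    std::unordered_map<Addr, Hook> hooks;   // stands in for registered insn exec callbacks

    explicit Resolver(std::vector<Addr> cs) : callsites(std::move(cs)) {
        // Sorting in qemu_plugin_install lets block translation binary-search.
        std::sort(callsites.begin(), callsites.end());
        callsites.erase(std::unique(callsites.begin(), callsites.end()), callsites.end());
    }

    // Only callsites inside [start, start + size) need checking for this block.
    std::vector<Addr> callsites_in_block(Addr start, size_t size) const {
        auto lo = std::lower_bound(callsites.begin(), callsites.end(), start);
        auto hi = std::lower_bound(callsites.begin(), callsites.end(), start + size);
        return std::vector<Addr>(lo, hi);
    }

    // Stands in for block_trans_handler: hook each callsite in the block and,
    // when the branch is not the last instruction, the instruction after it.
    void translate(const std::vector<Insn> &tb) {
        if (tb.empty()) return;
        size_t size = tb.back().vaddr + tb.back().size - tb.front().vaddr;
        for (Addr cs : callsites_in_block(tb.front().vaddr, size)) {
            for (size_t i = 0; i < tb.size(); ++i) {
                if (tb[i].vaddr != cs) continue;
                hooks[cs] = Hook::Branch;
                // A branch ending the block keeps the original behaviour: the
                // next block's exec callback records its destination.
                if (i + 1 < tb.size()) hooks[tb[i + 1].vaddr] = Hook::Fallthrough;
            }
        }
    }

    // Default block exec callback: a pending branch was taken and landed here.
    void on_block_exec(Addr tb_start) {
        if (indirect_taken) {
            edges.push_back({*indirect_taken, tb_start});
            indirect_taken.reset();
        }
    }

    // Executes one block: the tb exec callback fires first, then the insn callbacks in order.
    void execute(Addr tb_start, const std::vector<Addr> &executed) {
        on_block_exec(tb_start);
        for (Addr pc : executed) {
            auto it = hooks.find(pc);
            if (it == hooks.end()) continue;
            if (it->second == Hook::Branch) indirect_taken = pc;  // branch reached, outcome unknown yet
            else indirect_taken.reset();                          // fallthrough executed: not taken
        }
    }
};

// Constructed trace with 4-byte arm32-style instructions; all addresses are made up.
std::vector<Edge> demo() {
    Resolver r({0x3000, 0x1008, 0x2004});  // deliberately unsorted input
    std::vector<Insn> a = {{0x1000, 4}, {0x1004, 4}, {0x1008, 4}, {0x100c, 4}, {0x1010, 4}};  // ldreq pc, Rn at 0x1008
    std::vector<Insn> b = {{0x2000, 4}, {0x2004, 4}};                                          // blx r3 at 0x2004 ends the block
    r.translate(a);
    r.translate(b);
    r.execute(0x1000, {0x1000, 0x1004, 0x1008, 0x100c, 0x1010});  // condition false: falls through, nothing logged
    r.execute(0x2000, {0x2000, 0x2004});                          // unconditional branch at block end
    r.execute(0x4000, {0x4000});                                  // destination of 0x2004
    r.execute(0x1000, {0x1000, 0x1004, 0x1008});                  // condition true: leaves the block mid-way
    r.execute(0x5000, {0x5000});                                  // destination of 0x1008
    return r.edges;
}

int main() {
    for (const Edge &e : demo()) std::printf("%#lx,%#lx\n", (unsigned long)e.callsite, (unsigned long)e.target);
    return 0;
}
```

The callsite at 0x3000 is never translated in the trace and so never appears in the output, which matches the failure mode described in the first comment. Two adjacent callsites are handled by the sort order: the later one's Branch hook overwrites the Fallthrough hook the earlier one installed on it, and a Branch hook firing while another callsite is pending correctly implies the earlier branch was not taken.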