fix bug of pmpcfg_csr_read

[wxjstz]

related code:

target_ulong cfg_val = 0;
uint8_t val = 0;
cfg_val |= (val << (i * 8));

C language automatic type promotion to int. The length of the int under RV64 may be small with target_ulong, and the upper 32 bits can't be read.

[michaeljclark]

Good spotting. I spotted this one myself and fixed already but didn't have in the changelog. Thanks.