Description
Unicorn, based on qemu 5.0, contains a PAuth bug where the "load with pointer authentication" instructions ldraa and ldrab use the stack pointer register as the diversifier (modifier), when they should be using the zero register. Both sp and xzr are encoded in instructions as register 31, but in the context of authenticated loads, 31 means xzr, not sp.
The issue causes spurious pointer authentication failures for code using ldraa or ldrab with the respective data key enabled, and as such is a showstopper for using Unicorn with data pointer authentication.
I have a regression test and an isolated fix, battle-tested in a real-world project. Landing a fix looks to be complicated right now, due to other changes in flight:
- feat!: bump QEMU to 5.1.0 #2143 contains the fix as part of updating the vendored qemu to 5.1.
- Staging big changes for 2.2.0 #2145 also contains the fix as part of updating the vendored qemu to 5.1.
- arm64: Add PAuth helpers for signing, stripping and authentication of pointers #2262 contains PAuth test initialization and helper code that we'd have to duplicate if we'd want to land a regression test for the fix earlier (no big deal but worth pointing out).
The best course forward is probably to keep this issue open until after qemu 5.1 lands, and then land a regression test separately. In case qemu 5.1 takes long to land, we'd want a fix to land sooner, to unblock the use of PAuth with Unicorn. Happy to provide a PR with the isolated fix plus a regression test in that case.
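To illustrate the register-31 mix-up described above, here is an added C model (not the regression test mentioned in this issue, nor Unicorn/QEMU code): software signs a data pointer with a zero modifier, and the emulated ldraa authenticates it using either xzr (architecture) or sp (qemu 5.0). The PAC function is a constructed toy XOR-fold, not QARMA, and the key, pointer and sp values are made up.

```c
/* Added example, not Unicorn or QEMU code: LDRAA/LDRAB authenticate the base
 * address with modifier XZR (zero); qemu 5.0 used SP. The PAC here is a
 * constructed toy mixer, and every key, pointer and SP value is made up. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAC_SHIFT 48                         /* toy layout: PAC in the top 16 bits */
#define PTR_MASK  ((1ULL << PAC_SHIFT) - 1)

/* Toy PAC: XOR-fold of pointer, modifier and key down to 16 bits (not QARMA). */
static uint16_t toy_pac(uint64_t ptr, uint64_t modifier, uint64_t key) {
    uint64_t v = (ptr & PTR_MASK) ^ modifier ^ key;
    v ^= v >> 32; v ^= v >> 16;
    return (uint16_t)v;
}

/* PACDA-style sign: place the PAC in the top bits of the pointer. */
static uint64_t pac_sign(uint64_t ptr, uint64_t modifier, uint64_t key) {
    return (ptr & PTR_MASK) | ((uint64_t)toy_pac(ptr, modifier, key) << PAC_SHIFT);
}

/* AUTDA-style check: true and the stripped pointer on match, false on failure. */
static bool pac_auth(uint64_t signed_ptr, uint64_t modifier, uint64_t key, uint64_t *out) {
    if (toy_pac(signed_ptr, modifier, key) != (uint16_t)(signed_ptr >> PAC_SHIFT)) return false;
    *out = signed_ptr & PTR_MASK;
    return true;
}
struct cpu { uint64_t sp; uint64_t key_da; };   /* only the state the bug touches */

/* Authenticate the LDRAA/LDRAB base address. Register 31 names the modifier:
 * buggy=true reads it as SP (qemu 5.0), buggy=false as XZR (architecture). */
static bool ldra_auth_base(const struct cpu *c, uint64_t base, bool buggy, uint64_t *addr) {
    uint64_t modifier = buggy ? c->sp : 0;
    return pac_auth(base, modifier, c->key_da, addr);
}

/* Constructed scenario: software signs a data pointer with modifier zero
 * (as PACDZA does), then the emulated LDRAA authenticates it. */
static bool reproduce(bool buggy) {
    struct cpu c = { .sp = 0x0000FFFFDEADB000ULL, .key_da = 0x1122334455667788ULL };
    uint64_t signed_base = pac_sign(0x0000AABBCCDD0000ULL, 0, c.key_da), addr;
    return ldra_auth_base(&c, signed_base, buggy, &addr);
}

int main(void) {
    printf("XZR modifier (fixed):   %s\n", reproduce(false) ? "authenticated" : "FAILED");
    printf("SP modifier (qemu 5.0): %s\n", reproduce(true) ? "authenticated" : "FAILED");
    return 0;
}
```

With the XZR modifier the load authenticates; with SP the same signed pointer fails, which is the spurious failure the issue describes.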