This repository was archived by the owner on Aug 5, 2022. It is now read-only.

Add support for IOMMU protection #64

Open
@YehezkelShB

Support for IOMMU is planned to be added to the kernel.
User-space should take advantage of it and auto-approve devices if IOMMU protection is enabled and the security level is one of those that requires device authorization.

References:
https://www.spinics.net/lists/linux-pci/msg78204.html
Especially https://www.spinics.net/lists/linux-pci/msg78206.html for the sysfs interface and documentation.

Points I collected for now:

  • Add to tbtacl.rules a rule to auto-approve if IOMMU is enabled.
    ACTION=="add", SUBSYSTEM=="thunderbolt", ATTRS{iommu_dma_protection}=="1", ATTR{authorized}=="0", ATTR{authorized}="1" as suggested in the documentation.
  • Update documentation.
  • Do we need another rule for ACTION=="change" too?
    I expect it to be needed: if a long chain of devices is connected and we auto-approve them, it still takes some time, and the approval on add for the last device may fail, the same as can happen with auto-approval based on ACL records.
  • Do we have any place this mode should be reported to the user? Maybe mentioning it to the users when they try to run approve-all, the same as done today for SLs other than user and secure.
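
The gating the proposed rule encodes, written out as an added example that is not part of the original issue or of the project's code: approve only when the domain reports IOMMU DMA protection, the security level is user or secure, and the device is still unauthorized. The function names are hypothetical, and the sysfs layout (domain directory holding `security` and `iommu_dma_protection`, device directory holding `authorized`) is assumed from the kernel documentation the issue links to; the script only reports a decision and never writes to `authorized`.

```shell
#!/bin/sh
# Added example, not tbtadm code. Mirrors the udev match keys from the issue:
# ATTR{authorized} on the device, ATTRS{iommu_dma_protection} on a parent.

# Print the first line of a sysfs attribute, or nothing if it is unreadable.
read_attr() {
    [ -r "$1" ] && head -n 1 "$1"
}

# Walk up from a device directory until a directory holding the named
# attribute is found (the parent walk ATTRS{} performs); print that directory.
find_parent_with() {
    dir=$(cd -P "$1" 2>/dev/null && pwd) || return 1
    while [ -n "$dir" ] && [ "$dir" != "/" ]; do
        if [ -e "$dir/$2" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
        dir=$(dirname "$dir")
    done
    return 1
}

# Decide what to do with one device; prints "approve" or "skip:<reason>".
tbt_decide() {
    dev=$1
    domain=$(find_parent_with "$dev" iommu_dma_protection) || {
        echo "skip:no-iommu-attribute"; return 0; }  # kernel without the attribute
    [ "$(read_attr "$domain/iommu_dma_protection")" = "1" ] || {
        echo "skip:iommu-off"; return 0; }
    case "$(read_attr "$domain/security")" in
        user|secure) ;;                       # levels that require authorization
        *) echo "skip:security-level"; return 0 ;;
    esac
    [ "$(read_attr "$dev/authorized")" = "0" ] || {
        echo "skip:already-authorized"; return 0; }
    echo "approve"
}

# Usage: pass device directories, e.g. /sys/bus/thunderbolt/devices/0-1
for d in "$@"; do
    printf '%s %s\n' "$d" "$(tbt_decide "$d")"
done
```

Run on each add and change event, the same check covers the retry case raised above, because a device that is still at `authorized` 0 is reported as `approve` again.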
