replace device-vat-admin with a kernel-owned device node

[warner]

In a discussion with @FUDCo about how I'm actually using this to achieve #4381, it occurred to me that an alternative approach would be to implement "kernel-provided device nodes", in which the kernel would set dNN.owner = null to indicate that the kernel owns a device node. So when vat-vat-admin does syscall.callNow(deviceVatAdmin, 'createVat', args), it would get routed to the kernel instead of device-vat-admin (and device-vat-admin would go away).

This would have a lot of benefits over the PR I'm working on:

• with no device-vat-admin, userspace is no longer obligated to help the kernel wire up its own internal components
• the bootstrap vat no longer has a way to forge newVatCallback or vat-termination messages
• the lack of GC in devices no longer causes vatParameter objects to get retained forever

This would not require changes to the code in vat-vat-admin (it will keep making D() calls), but device-vat-admin goes away, userspace bootstrap() functions must change to replace their vatAdminService = await E(vats.vatAdmin).createVatAdminService(devices.vatAdmin) with vatAdminService = vats.vatAdmin.

It would require initializeSwingSet to allocate the new kernel-owned device node, and include it in the vatParameters arguments passed to vat-vat-admin, effectively moving the createVatAdminService call into buildRootObject.

Originally posted by @warner in #4726 (comment)