sh: support building multiple kernel variants #5999

Draft
JackThomson2 wants to merge 6 commits into firecracker-microvm:feature/secret-hiding from JackThomson2:feat/dual_kernel_build

Conversation

@JackThomson2 (Contributor)

Creating a script to build and install a modified kernel with patches
applied.

Signed-off-by: Jack Thomson <jackabt@amazon.com>

Changes

...

Reason

...

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkbuild --all to verify that the PR passes
    build checks on all supported architectures.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.

  • This functionality cannot be added in rust-vmm.

The secret hiding CI could only build a single kernel: the build scripts
read kernel_url, kernel_commit_hash, kernel_config_overrides and
linux_patches straight from the hiding_ci directory, so there was no way
to add a second kernel without clobbering the first.

Restructure the directory into a shared root plus per-variant
subfolders. The root keeps everything version independent (the build
scripts, the ENA helpers, the default kernel_url and a shared
base_config), while each variant under kernels/<variant>/ carries its
own kernel_commit_hash, linux_patches and optional kernel_url and
config_overrides overrides.

Both scripts now take a variant selector as their first argument and
resolve all per-variant inputs from kernels/<variant>/. The repository
URL falls back to the shared root default when a variant does not
override it. The build merges config overrides base first then variant
on top so later values win. check_override_presence resolves the
effective last-wins value per option before validating, so a variant
overriding a base value no longer trips a false "missing config"
failure. When no variant is given and exactly one exists, the script
uses it; otherwise it lists the available variants and exits.

The existing patch series moves under kernels/6.18-secret-hiding/, whose
pinned commit is Linux 6.18, and kernel_config_overrides becomes
base_config to reflect its new shared role.

Signed-off-by: Jack Thomson <jackabt@amazon.com>
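
The resolution rules in the commit message above, modelled as an added example. This is not the Firecracker project's build script: the layout (shared kernel_url and base_config at the root; kernel_commit_hash, linux_patches and optional kernel_url and config_overrides under kernels/<variant>/) follows the description, while the function names, the fixture contents, the placeholder URLs and the CONFIG_* values are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the Firecracker project's build script: a model of the
# variant resolution described in the commit message. The layout follows the
# description; function names, placeholder URLs and CONFIG_* values are
# assumptions made for this example.
set -eu

# Build a constructed hiding_ci-style tree in a temp directory; print its path.
make_fixture() {
    root=$(mktemp -d)
    printf 'https://example.invalid/shared/linux.git\n' > "$root/kernel_url"
    printf 'CONFIG_A=y\nCONFIG_B=y\n# CONFIG_C is not set\n' > "$root/base_config"
    v="$root/kernels/6.18-secret-hiding"; mkdir -p "$v"
    printf 'deadbeef\n' > "$v/kernel_commit_hash"
    printf 'CONFIG_B=n\nCONFIG_D=m\n' > "$v/config_overrides"   # overrides a base value
    v="$root/kernels/6.18-amazonlinux"; mkdir -p "$v"
    printf 'cafef00d\n' > "$v/kernel_commit_hash"
    printf 'https://example.invalid/amazonlinux/linux.git\n' > "$v/kernel_url"  # overrides the URL
    echo "$root"
}

# Variant selector: the explicit name, else the single existing variant,
# else list what is available and fail.
select_variant() {
    root=$1; want=${2:-}
    if [ -n "$want" ]; then
        [ -d "$root/kernels/$want" ] && { echo "$want"; return 0; }
        echo "unknown variant: $want" >&2; return 1
    fi
    set -- "$root"/kernels/*/
    if [ $# -eq 1 ] && [ -d "$1" ]; then basename "$1"; return 0; fi
    echo "specify a variant; available:" >&2
    for d in "$@"; do basename "$d" >&2; done
    return 1
}

# Per-variant kernel_url, falling back to the shared root default.
kernel_url_for() {
    f="$1/kernels/$2/kernel_url"
    [ -f "$f" ] || f="$1/kernel_url"
    cat "$f"
}

# One CONFIG_X=value line per option in a fragment ("# CONFIG_X is not set" -> CONFIG_X=n).
normalize_fragment() {
    awk '/^# CONFIG_[A-Za-z0-9_]+ is not set$/ { print $2 "=n"; next }
         /^CONFIG_[A-Za-z0-9_]+=/             { print }' "$@"
}

# Keep the last value seen for each option, in first-seen order (later values win).
last_wins() {
    awk -F= '{ if (!($1 in v)) order[++n] = $1; v[$1] = substr($0, length($1) + 2) }
             END { for (i = 1; i <= n; i++) print order[i] "=" v[order[i]] }'
}

# Effective config: base_config first, then the variant's config_overrides on top.
effective_config() {
    ov="$1/kernels/$2/config_overrides"
    [ -f "$ov" ] || ov=/dev/null
    normalize_fragment "$1/base_config" "$ov" | last_wins
}

# How a built .config spells an option, and a renderer for a whole effective config.
dotconfig_line() {
    if [ "$2" = n ]; then printf '# %s is not set\n' "$1"; else printf '%s=%s\n' "$1" "$2"; fi
}
render_dotconfig() { while IFS='=' read -r key val; do dotconfig_line "$key" "$val"; done; }

# Every CONFIG_X=value line on stdin must appear in the .config given as $1.
all_present() {
    while IFS='=' read -r key val; do
        grep -q -- "^$(dotconfig_line "$key" "$val")\$" "$1" && continue
        echo "missing in .config: $key=$val" >&2
        return 1
    done
    return 0
}

# The check being replaced: base lines and variant lines validated separately,
# so base CONFIG_B=y is reported missing after the variant set CONFIG_B=n.
naive_check() {
    normalize_fragment "$1/base_config" | all_present "$3" || return 1
    ov="$1/kernels/$2/config_overrides"
    if [ -f "$ov" ]; then normalize_fragment "$ov" | all_present "$3" || return 1; fi
}

# The fixed check: validate only the effective last-wins value per option.
check_override_presence() { effective_config "$1" "$2" | all_present "$3"; }

# Demonstration on the constructed tree.
ROOT=$(make_fixture)
GOOD="$ROOT/good.config"; BAD="$ROOT/bad.config"
effective_config "$ROOT" 6.18-secret-hiding | render_dotconfig > "$GOOD"
grep -v '^CONFIG_D=' "$GOOD" > "$BAD"   # constructed failure: the build dropped CONFIG_D
for v in 6.18-secret-hiding 6.18-amazonlinux; do
    echo "$v: url=$(kernel_url_for "$ROOT" "$v") config=$(effective_config "$ROOT" "$v" | tr '\n' ' ')"
done
naive_check "$ROOT" 6.18-secret-hiding "$GOOD" || echo "naive check: false 'missing config' on a correct .config"
check_override_presence "$ROOT" 6.18-secret-hiding "$GOOD" && echo "last-wins check: ok"
check_override_presence "$ROOT" 6.18-secret-hiding "$BAD" || echo "last-wins check: real miss caught"
```

naive_check reproduces the false failure the message describes: the variant sets CONFIG_B=n over the base CONFIG_B=y, a per-file check looks for both spellings in the built .config and reports the base line missing, while check_override_presence validates only the effective value and still catches a genuinely dropped option (CONFIG_D in the constructed bad.config).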

The build test invoked the kernel script with a fixed path and so only
exercised the single kernel. Discover the variants under
resources/hiding_ci/kernels at collection time and parametrize the test
over them, passing each variant to the build script. Every variant
becomes its own test case and so gets independent pass/fail signal.

The secret_hiding marker stays, so these builds remain excluded from the
default test run.

Signed-off-by: Jack Thomson <jackabt@amazon.com>

The PR pipeline emitted a single secret hiding build group covering the
one kernel. Enumerate the variants under resources/hiding_ci/kernels and
emit one build group per variant, selecting the matching test case with
an exact -k expression.

Each variant builds in its own job. The jobs run in parallel across
variants and architectures, and each reports its own pass/fail in the
Buildkite UI. The existing change-detection gate is unchanged: it keys
on the hiding_ci path component, which still matches files under the new
kernels/<variant>/ subfolders.

Signed-off-by: Jack Thomson <jackabt@amazon.com>

@codecov Bot commented Jun 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.08%. Comparing base (db61d77) to head (a5bad4b).

Additional details and impacted files
@@                  Coverage Diff                   @@
##           feature/secret-hiding    #5999   +/-   ##
======================================================
  Coverage                  81.08%   81.08%           
======================================================
  Files                        279      279           
  Lines                      31370    31370           
======================================================
  Hits                       25436    25436           
  Misses                      5934     5934           
Flag Coverage Δ
5.10-m5n.metal 81.16% <ø> (-0.01%) ⬇️
5.10-m6a.metal 80.46% <ø> (ø)
5.10-m6g.metal 78.01% <ø> (ø)
5.10-m6i.metal 81.16% <ø> (ø)
5.10-m7a.metal-48xl 80.45% <ø> (-0.01%) ⬇️
5.10-m7g.metal 78.01% <ø> (ø)
5.10-m7i.metal-24xl 81.14% <ø> (+<0.01%) ⬆️
5.10-m7i.metal-48xl 81.13% <ø> (-0.02%) ⬇️
5.10-m8g.metal-24xl 78.01% <ø> (-0.01%) ⬇️
5.10-m8g.metal-48xl 78.01% <ø> (-0.01%) ⬇️
5.10-m8i.metal-48xl 81.17% <ø> (ø)
5.10-m8i.metal-96xl 81.17% <ø> (ø)
6.1-m5n.metal 81.18% <ø> (-0.01%) ⬇️
6.1-m6a.metal 80.49% <ø> (ø)
6.1-m6g.metal 78.01% <ø> (ø)
6.1-m6i.metal 81.19% <ø> (-0.01%) ⬇️
6.1-m7a.metal-48xl 80.48% <ø> (ø)
6.1-m7g.metal 78.01% <ø> (ø)
6.1-m7i.metal-24xl 81.19% <ø> (-0.01%) ⬇️
6.1-m7i.metal-48xl 81.20% <ø> (-0.01%) ⬇️
6.1-m8g.metal-24xl 78.01% <ø> (ø)
6.1-m8g.metal-48xl 78.01% <ø> (ø)
6.1-m8i.metal-48xl 81.23% <ø> (ø)
6.1-m8i.metal-96xl 81.23% <ø> (ø)
6.18-m5n.metal 81.18% <ø> (-0.02%) ⬇️
6.18-m6a.metal 80.49% <ø> (+<0.01%) ⬆️
6.18-m6g.metal 78.01% <ø> (-0.01%) ⬇️
6.18-m6i.metal 81.19% <ø> (-0.04%) ⬇️
6.18-m7a.metal-48xl 80.48% <ø> (-0.04%) ⬇️
6.18-m7g.metal 78.01% <ø> (ø)
6.18-m7i.metal-24xl 81.20% <ø> (ø)
6.18-m7i.metal-48xl 81.20% <ø> (-0.02%) ⬇️
6.18-m8g.metal-24xl 78.01% <ø> (-0.01%) ⬇️
6.18-m8g.metal-48xl 78.01% <ø> (ø)
6.18-m8i.metal-48xl 81.23% <ø> (-0.01%) ⬇️
6.18-m8i.metal-96xl 81.24% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown.

Add a README describing the new hiding_ci structure: what lives at the
shared root versus per-variant subfolders, how config overrides layer
base first then variant on top, the <version>-<feature> naming
convention, and the steps to add a new variant.

It also documents how to build a variant locally with the build script
and how to apply a variant's patch series to an existing tree.

Signed-off-by: Jack Thomson <jackabt@amazon.com>

Add a second kernel variant built from the Amazon Linux linux-6.18.y
branch. It overrides kernel_url to point at the amazonlinux/linux
repository and pins the branch tip, which is Linux 6.18.36.

The variant ships no linux_patches yet, so it builds a stock Amazon
Linux 6.18 tree with only the shared base_config applied. This exercises
the new variant mechanism end to end against a different repository and
gives us an unpatched baseline to compare the secret hiding kernel
against.

Signed-off-by: Jack Thomson <jackabt@amazon.com>

JackThomson2 force-pushed the feat/dual_kernel_build branch from 4a71953 to 956e420 on June 24, 2026 17:21

Secret-hiding PR builds schedule every hiding kernel variant when any
file under resources/hiding_ci changes. A patch-only change for one
variant should not wait for unrelated kernel builds.

Select affected variants in the Buildkite generator instead. Changes
under kernels/<variant>/ now schedule only that variant, while shared
hiding_ci inputs keep scheduling all variants.

Signed-off-by: Jack Thomson <jackabt@amazon.com>
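
The path-to-variant selection in the commit message above, together with the one-job-per-variant fan-out from the earlier pipeline commit, as an added example. This is not the project's Buildkite generator, which is not shown on this page: the resources/hiding_ci root and the kernels/<variant>/ layout come from the commit messages, while the variant list, the architecture list, the changed-path inputs and the test name used in the -k expression are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the project's Buildkite generator: path-based variant
# selection plus the per-variant, per-architecture job fan-out. The variant
# list, architectures, changed paths and test name are assumptions.
set -eu

HIDING_CI=resources/hiding_ci
VARIANTS="6.18-secret-hiding 6.18-amazonlinux"   # constructed: what kernels/ holds
ARCHES="x86_64 aarch64"                          # assumption: architectures built
TEST_NAME=test_build_hiding_kernel               # assumption: the parametrized test

# Read changed paths on stdin and print the variants to schedule, one per line:
#   kernels/<variant>/...          -> that variant only
#   any other file under hiding_ci -> every variant (a shared input changed)
#   nothing under hiding_ci        -> nothing
affected_variants() {
    all=0; picked=" "
    while IFS= read -r path; do
        case "$path" in
            "$HIDING_CI"/kernels/*/*)
                rest=${path#"$HIDING_CI"/kernels/}
                picked="$picked${rest%%/*} " ;;
            "$HIDING_CI"/*) all=1 ;;
        esac
    done
    for v in $VARIANTS; do
        if [ "$all" -eq 1 ]; then echo "$v"; continue; fi
        case "$picked" in *" $v "*) echo "$v" ;; esac
    done
}

# One job per (variant, architecture), each selecting exactly its own test case.
build_groups() {
    while IFS= read -r v; do
        for arch in $ARCHES; do
            printf '%s %s pytest -k "%s[%s]"\n' "$v" "$arch" "$TEST_NAME" "$v"
        done
    done
}

# Demonstration with constructed change sets.
printf 'patch-only change:\n'
printf '%s\n' "$HIDING_CI/kernels/6.18-secret-hiding/linux_patches/0001-example.patch" \
    | affected_variants | build_groups
printf 'shared input change:\n'
printf '%s\n' "$HIDING_CI/base_config" | affected_variants | build_groups
```

A path under kernels/<name>/ for a name that is not in the enumerated variant list is ignored, which is the right outcome when a change removes a variant's directory; a file placed directly in kernels/ (not inside a variant subfolder) counts as a shared input and fans out to every variant.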

JackThomson2 force-pushed the feat/dual_kernel_build branch from 027c766 to a5bad4b on June 29, 2026 15:56