drivers: xen: gnttab: prevent double-free for grant refs

Grant references are allocated via simple O(1) allocator - idx of first
free gref is always stored in the "0" list entry (e.g. list[0] == "A").
Next free gref (e.g. B) will be stored inside list entry with the index
of previous (list[A] == B) and so on. This allows to find free gref
instantly if available. However, current implementation allows a user
to perform a double-free of some taken grefs since it doesn't store any
information about entries being currently claimed. This may cause
gref_list to break.

Add GNTTAB_GREF_USED value and mark all taken grefs with it to prevent
double free in put_grant_entry().

These changes also required updates for allocator and semaphore init
sequences, since we can not use put_free_entry() during driver
initialization anymore.

Signed-off-by: Dmytro Firsov <dmytro_firsov@epam.com>