x86: Block DMA from unlisted devices in AMD IOMMU

Invalid device table entries in the AMD IOMMU mean that those devices
are actually allowed to perform DMA requests and issue interrupts. We
have to avoid this case because only devices listed in a config are
permitted to do so. We already achieve this effect when removing an
existing device from the table, but we have to ensure it also for any
unlisted device.

Devices with IDs not covered by any table are blocked by the IOMMU, see
AMD I/O Virtualization Technology spec, 2.2.2.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>