engine: Remove taa-no from Secure Skylake Server

The host with Secure Intel Icelake Server Family become non operational
because it does not provide "taa-no" CPU feature even though the
following command indicates that the host is not vulnerable.

cat /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
Not affected

It is possible that this flag is not reported on systems that
are not vulnerable anymore. We disable TSX in our CPU definition
(we use Icelake-Server-noTSX) so it is not a security risk if we leave
the requirement for "taa-no" CPU feature.

Bug-Url: https://github.com/oVirt/ovirt-engine/issues/2184623
Signed-off-by: Lucia Jelinkova <ljelinko@redhat.com>

packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql

@@ -500,7 +500,7 @@ select fn_db_add_config_value('ServerCPUList',
         || '17:Intel Cascadelake Server Family:vmx,model_Cascadelake-Server:Cascadelake-Server,-hle,-rtm,-mpx:x86_64; '
         || '18:Secure Intel Cascadelake Server Family:vmx,model_Cascadelake-Server-noTSX:Cascadelake-Server-noTSX,-mpx:x86_64; '
         || '19:Intel Icelake Server Family:vmx,model_Icelake-Server-noTSX:Icelake-Server-noTSX,-mpx:x86_64; '
-        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,taa-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,+taa-no,-mpx:x86_64; '
+        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,-mpx:x86_64; '
         || '1:AMD Opteron G4:svm,nx,model_Opteron_G4:Opteron_G4:x86_64; '
         || '2:AMD Opteron G5:svm,nx,model_Opteron_G5:Opteron_G5:x86_64; '
         || '3:AMD EPYC:svm,nx,model_EPYC:EPYC:x86_64; '
@@ -533,7 +533,7 @@ select fn_db_add_config_value('ServerCPUList',
         || '17:Intel Cascadelake Server Family:vmx,model_Cascadelake-Server:Cascadelake-Server,-hle,-rtm,-mpx:x86_64; '
         || '18:Secure Intel Cascadelake Server Family:vmx,model_Cascadelake-Server-noTSX:Cascadelake-Server-noTSX,-mpx:x86_64; '
         || '19:Intel Icelake Server Family:vmx,model_Icelake-Server-noTSX:Icelake-Server-noTSX,-mpx:x86_64; '
-        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,taa-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,+taa-no,-mpx:x86_64; '
+        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,-mpx:x86_64; '
         || '1:AMD Opteron G4:svm,nx,model_Opteron_G4:Opteron_G4:x86_64; '
         || '2:AMD Opteron G5:svm,nx,model_Opteron_G5:Opteron_G5:x86_64; '
         || '3:AMD EPYC:svm,nx,model_EPYC:EPYC:x86_64; '
@@ -566,7 +566,7 @@ select fn_db_add_config_value('ServerCPUList',
         || '17:Intel Cascadelake Server Family:vmx,model_Cascadelake-Server:Cascadelake-Server,-hle,-rtm,-mpx:x86_64; '
         || '18:Secure Intel Cascadelake Server Family:vmx,model_Cascadelake-Server-noTSX:Cascadelake-Server-noTSX,-mpx:x86_64; '
         || '19:Intel Icelake Server Family:vmx,model_Icelake-Server-noTSX:Icelake-Server-noTSX,-mpx:x86_64; '
-        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,taa-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,+taa-no,-mpx:x86_64; '
+        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,-mpx:x86_64; '
         || '1:AMD Opteron G4:svm,nx,model_Opteron_G4:Opteron_G4:x86_64; '
         || '2:AMD Opteron G5:svm,nx,model_Opteron_G5:Opteron_G5:x86_64; '
         || '3:AMD EPYC:svm,nx,model_EPYC:EPYC:x86_64; '
@@ -1278,7 +1278,7 @@ select fn_db_update_config_value('ServerCPUList',
         || '17:Intel Cascadelake Server Family:vmx,model_Cascadelake-Server:Cascadelake-Server,-hle,-rtm,-mpx:x86_64; '
         || '18:Secure Intel Cascadelake Server Family:vmx,model_Cascadelake-Server-noTSX:Cascadelake-Server-noTSX,-mpx:x86_64; '
         || '19:Intel Icelake Server Family:vmx,model_Icelake-Server-noTSX:Icelake-Server-noTSX,-mpx:x86_64; '
-        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,taa-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,+taa-no,-mpx:x86_64; '
+        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,-mpx:x86_64; '
         || '1:AMD Opteron G4:svm,nx,model_Opteron_G4:Opteron_G4:x86_64; '
         || '2:AMD Opteron G5:svm,nx,model_Opteron_G5:Opteron_G5:x86_64; '
         || '3:AMD EPYC:svm,nx,model_EPYC:EPYC:x86_64; '
@@ -1310,7 +1310,7 @@ select fn_db_update_config_value('ServerCPUList',
         || '17:Intel Cascadelake Server Family:vmx,model_Cascadelake-Server:Cascadelake-Server,-hle,-rtm,-mpx:x86_64; '
         || '18:Secure Intel Cascadelake Server Family:vmx,model_Cascadelake-Server-noTSX:Cascadelake-Server-noTSX,-mpx:x86_64; '
         || '19:Intel Icelake Server Family:vmx,model_Icelake-Server-noTSX:Icelake-Server-noTSX,-mpx:x86_64; '
-        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,taa-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,+taa-no,-mpx:x86_64; '
+        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,-mpx:x86_64; '
         || '1:AMD Opteron G4:svm,nx,model_Opteron_G4:Opteron_G4:x86_64; '
         || '2:AMD Opteron G5:svm,nx,model_Opteron_G5:Opteron_G5:x86_64; '
         || '3:AMD EPYC:svm,nx,model_EPYC:EPYC:x86_64; '
@@ -1342,7 +1342,7 @@ select fn_db_update_config_value('ServerCPUList',
         || '17:Intel Cascadelake Server Family:vmx,model_Cascadelake-Server:Cascadelake-Server,-hle,-rtm,-mpx:x86_64; '
         || '18:Secure Intel Cascadelake Server Family:vmx,model_Cascadelake-Server-noTSX:Cascadelake-Server-noTSX,-mpx:x86_64; '
         || '19:Intel Icelake Server Family:vmx,model_Icelake-Server-noTSX:Icelake-Server-noTSX,-mpx:x86_64; '
-        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,taa-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,+taa-no,-mpx:x86_64; '
+        || '20:Secure Intel Icelake Server Family:vmx,arch-capabilities,rdctl-no,ibrs-all,skip-l1dfl-vmentry,mds-no,pschange-mc-no,model_Icelake-Server-noTSX:Icelake-Server-noTSX,+arch-capabilities,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no,+pschange-mc-no,-mpx:x86_64; '
         || '1:AMD Opteron G4:svm,nx,model_Opteron_G4:Opteron_G4:x86_64; '
         || '2:AMD Opteron G5:svm,nx,model_Opteron_G5:Opteron_G5:x86_64; '
         || '3:AMD EPYC:svm,nx,model_EPYC:EPYC:x86_64; '