New option on TPM devices to provide a swtpm socket fd
Goal
The goal is to allow the user to set up their own (sw)tpm daemon and have libvirt/qemu talk to it instead of automatically creating a new one.
More specifically, this would allow running swtpm in its own separate container.
Aside from the potential security benefits, removing the extra process from the libvirt environment would help with CPU/memory guarantees.
Technical details
This would probably involve adding a "socket" option to the section. Providing a socket would void most other TPM options, as libvirt wouldn't have to start anything.
On migration, I guess libvirt would assume that a socket is already created on the target. The value of the socket option probably has to be mutable on migration in case the target layout is different.