[Pal/Linux-SGX] Clear RFLAGS.DF on enclave entry

SYSV x86-64 ABI requires RFLAGS.DF to be cleared when entering a function (other flags are
undefined) and we can't trust non-SGX side to do this.

Pal/src/host/Linux-SGX/enclave_entry.S

@@ -17,6 +17,9 @@ enclave_entry:
 	# On EENTER/ERESUME, RAX is the current SSA, RBX is the address of TCS,
 	# RCX is the address of AEP. Other registers are not trusted.
 
+	# x86-64 sysv abi requires %rFLAGS.DF = 0 on entry to function call.
+	cld
+
 	# current SSA is in RAX (Trusted)
 	cmpq $0, %rax
 	jne .Lhandle_resume