kernel: mem_domain: new config for isolated stacks

This adds a new kconfig to indicate if architecture code
supports isolating thread stacks within the same domain,
and another new kconfig to selectively enable this
behavior.

Signed-off-by: Daniel Leung <daniel.leung@intel.com>

doc/kernel/usermode/memory_domain.rst

@@ -74,10 +74,24 @@ Thread Stack
 ************
 
 Any thread running in user mode will need access to its own stack buffer.
-On context switch into a user mode thread, a dedicated MPU region will be
-programmed with the bounds of the stack buffer. A thread exceeding its stack
-buffer will start pushing data onto memory it doesn't have access to and a
-memory access violation exception will be generated.
+On context switch into a user mode thread, a dedicated MPU region or MMU
+page table entries will be programmed with the bounds of the stack buffer.
+A thread exceeding its stack buffer will start pushing data onto memory
+it doesn't have access to and a memory access violation exception will be
+generated.
+
+Note that user threads have access to the stacks of other user threads in
+the same memory domain. This is the minimum required for architectures to
+support memory domains. Architecture can further restrict access to stacks
+so each user thread only has access to its own stack if such architecture
+advertises this capability via
+:kconfig:option:`CONFIG_ARCH_MEM_DOMAIN_SUPPORTS_ISOLATED_STACKS`.
+This behavior is enabled by default if supported and can be selectively
+disabled via :kconfig:option:`CONFIG_MEM_DOMAIN_ISOLATED_STACKS` if
+architecture supports both operating modes. However, some architectures
+may decide to enable this all the time, and thus this option cannot be
+disabled. Regardless of these kconfigs, user threads cannot access
+the stacks of other user threads outside of their memory domains.
 
 Thread Resource Pools
 *********************