reduce syscall wrapper dependences in DR

[derekbruening]

Today, a tiny change in a syscall wrapper sequence breaks DR. This issue
covers better future-proofing DR by improving the places where we assume
particulars about syscall wrappers:

• syscalls_init() looks at precise bytes in the wrapper to identify the
  syscall gateway
• syscall_wrapper_ilist() and clean_syscall_wrapper() rely on being able to
  construct a precise syscall wrapper from scratch in order to handle
  hooks, including our own native_exec hooks
• the winsysnums tool assumes things like no branches (except a few
  hardcoded cases) in its attempt to identify all system calls in an
  arbitrary system library

Xref #1598

[derekbruening]

#1598 already made DR more future-proof by obtaining syscall numbers from wrappers rather than solely relying on the built-in table. But it breaks down in the presence of hooks or if syscall wrappers change.

[derekbruening]

We need to add instr_is_wow64_syscall() on win10+ to this: they removed the
distinctive call through fs: and instead we now have to ensure a "call edx"
targets the transition code, which changes from version to version.