A floating point fault (instead of DNA fault) can occur when the TS bit

A floating point fault (instead of DNA fault) can occur when the TS bit
in CR0 is clear and will call npx_intr().  However, because we are using
a trap exception vector this fault does not disable interrupts and it is
possible for a preemption to come along after the fault is dispatched
before but npx_intr() has time to do anything.  This preemption can wind
up changing the FP state, causing npx_intr() to hit an assertion and panic
the machine.

Keep using the interrupt-enabled version of the vector (SDT_SYS386TGT
instead of SDT_SYS386IGT), but adjust npx_intr() to enter a critical
section to avoid getting the FP state ripped out from under it, then have
it check for the race case and call npxdna() as appropriate.  Document the
whole mess.

Reported-by: Sascha Wildner <saw@online.de>
Found-with: sysutils/crashme using crashme +2000 666 100 1:00:00 5