Translated stolen register app value lost on signal/synchall control transfer

When translating a thread context for synchall or on a signal, we invoke the client fault handler and arrive at the app's proper value for the stolen register in our local mcontext. We then use the same mcontext to get back into DR through an exit stub, but for that transition we need to put DR's TLS pointer back into the stolen register. That clobbers the translated value. If all client handlers did not touch the value, no harm is done since the TLS slot value is taken as the app value; but if a client were to need to restore a value there, we would get the wrong value in the end. This should be rare, since drreg avoids using the stolen register.