TDX islands with self-contained scope enabling TDX KeyID scaling

US11436342B2 · US · B2

Patent metadata

Publication number: US-11436342-B2
Application number: US-201916727608-A
Country: US
Kind code: B2
Filing date: Dec 26, 2019
Priority date: Dec 26, 2019
Publication date: Sep 6, 2022
Grant date: Sep 6, 2022


Abstract

Official abstract text for this publication.

Disclosed embodiments relate to trust domain islands with self-contained scope. In one example, a system includes multiple sockets, each including multiple cores, multiple multi-key total memory encryption (MK-TME) circuits, multiple memory controllers, and a trust domain island resource manager (TDIRM) to: initialize a trust domain island (TDI) island control structure (TDICS) associated with a TD island, initialize a trust domain island protected memory (TDIPM) associated with the TD island, identify a host key identifier (HKID) in a key ownership table (KOT), assign the HKID to a cryptographic key and store the HKID in the TDICS, associate one of the plurality of cores with the TD island, add a memory page from an address space of the first core to the TDIPM, and transfer execution control to the first core to execute the TDI, and wherein a number of HKIDs available in the system is increased as the memory mapped to the TD island is decreased.

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: a plurality of cores; at least one multi-key total-memory-encryption circuits (MK-TME) circuit; at least one memory controller; and a trust domain island resource manager (TDIRM) to: initialize a trust domain island control structure (TDICS) associated with a TD island, initialize a TD island protected memory (TDIPM) associated with the TD island, identify a host key identifier (HKID) in a key ownership table (KOT), assign the HKID to a cryptographic key in a MK-TME circuit and store the HKID in the TDICS, associate a first core of the plurality of cores with the TD island, add a memory page from an address space of the first core to the TDIPM, and transfer execution control to the first core to execute the TD island, and wherein a scope of the TDIPM is limited to bounds of the TD island.

2. The system of claim 1, wherein each TD island is to be mapped to one of the plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets in the system multiplied by a number of KOT entries.

3. The system of claim 1, wherein each TD island is to be mapped to one of the plurality of memory controllers in each of the plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets multiplied by a number of memory controllers in each socket, multiplied by a number of entries in the KOT.

4. The system of claim 1, wherein each TD island is to be mapped to one of the plurality of cores in each of the plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets multiplied by a number of cores in each socket, multiplied by a number of entries in the KOT.

5. The system of claim 1, wherein each of the plurality of sockets further comprises a hypervisor, and wherein each of the plurality of cores is a virtual machine.

6. The system of claim 1, further comprising storage for a hardware configuration data structure to identify the sockets, the plurality of MK-TME circuits, and the memory controllers in the system, the TDIRM to access the hardware configuration when initializing the TD island.

7. The system of claim 1, wherein the plurality of MK-TME circuits, when performing encryption and decryption, are to use a Ciphertext Stealing Advanced Encryption Standard (XTS-AES) in compliance with Institute of Electronics and Electrical Engineers (IEEE) 1619.

8. A method performed by a Trust Domain Island (TDI) Resource Manager (TDIRM) in a system comprising a plurality of sockets, each comprising a plurality of cores and a plurality of multi-key total memory encryption (MK-TME) circuits, the method comprising: initializing a TDI Control Structure (TDICS) associated with a first TDI; initializing a TDI Protected Memory (TDIPM) associated with the first TDI; identifying a host key identifier (HKID) in a key ownership table (KOT); assigning the HKID to a cryptographic key and storing the HKID in the TDICS; and associating a first core with the first TDI, adding a memory page from an address space of the first core to the TDIPM, and transferring execution control to the first core to execute the first TDI, wherein a scope of the TDIPM is limited to bounds of the first TDI.

9. The method of claim 8, wherein each TD island is mapped to one of the plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets in the system multiplied by a number of KOT entries.

10. The method of claim 8, wherein each TD island is mapped to one of the plurality of memory controllers in each of the plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets multiplied by a number of memory controllers in each socket, multiplied by a number of entries in the KOT.

11. The method of claim 8, wherein each TD island is mapped to one of the plurality of cores in each of the plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets multiplied by a number of cores in each socket, multiplied by a number of entries in the KOT.

12. The method of claim 8, wherein each of the plurality of sockets further comprises a hypervisor, and wherein each of the plurality of cores is a virtual machine.

13. The method of claim 8, further comprising the TDIRM referencing a hardware configuration structure identifying the sockets, the plurality of MK-TME circuits, and the memory controllers in the system, when initializing the TD island.

14. The method of claim 8, wherein the plurality of MK-TME circuits use a Ciphertext Stealing Advanced Encryption Standard (XTS-AES) in compliance with IEEE 1619, an Institute of Electronics and Electrical Engineers standard.

15. An apparatus comprising: at least one multi-key total-memory-encryption circuits (MK-TME) circuit; and a trust domain island resource manager (TDIRM) to: initialize a trust domain island control structure (TDICS) associated with a TD island, initialize a TD island protected memory (TDIPM) associated with the TD island, identify a host key identifier (HKID) in a key ownership table (KOT), assign the HKID to a cryptographic key in a MK-TME circuit and store the HKID in the TDICS, associate a first core of the plurality of cores with the TD island, add a memory page from an address space of the first core to the TDIPM, and transfer execution control to the first core to execute the TD island, and wherein a scope of the TDIPM is limited to bounds of the TD island.

16. The apparatus of claim 15, wherein each TD island is to be mapped to one of a plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets in the apparatus multiplied by a number of KOT entries.

17. The apparatus of claim 15, wherein each TD island is to be mapped to at least one memory controller, and wherein a number of HKIDs in the system is equal to a number of sockets multiplied by a number of memory controllers in each socket, multiplied by a number of entries in the KOT.

18. The apparatus of claim 15, wherein each TD island is to be mapped to at least one core in each of a plurality of sockets, and wherein a number of HKIDs in the system is equal to a number of sockets multiplied by a number of cores in each socket, multiplied by a number of entries in the KOT.

19. The apparatus of claim 15, further comprising storage for a hardware configuration data structure to identify sockets, the at least one MK-TME circuit, and memory controller, the TDIRM to access the hardware configuration when initializing the TD island.

20. The apparatus of claim 15, wherein the at least one MK-TME circuit, when performing encryption and decryption, is to use a Ciphertext Stealing Advanced Encryption Standard (XTS-AES) in compliance with Institute of Electronics and Electrical Engineers (IEEE) 1619.
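The following is an added illustrative model of the scaling argument in claims 1 to 4, not code from the patent or from Intel: each TD island keeps its own key ownership table, so an HKID is only meaningful within its island and the system-wide HKID count is the product of island count and KOT size, while the TDIPM rejects pages outside the island's bounds. Class names, page ranges and key handles are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class TDIsland:
    """A TD island (a socket, memory controller or core) with its own KOT and memory bounds."""
    name: str
    kot_size: int                               # number of HKID slots in this island's KOT
    page_bounds: range                          # physical pages owned by the island (constructed)
    kot: dict = field(default_factory=dict)     # key ownership table: HKID -> key handle


@dataclass
class TrustDomain:
    """One TD inside an island: its control structure (TDICS) and protected memory (TDIPM)."""
    tdics: dict = field(default_factory=dict)
    tdipm: set = field(default_factory=set)
    cores: set = field(default_factory=set)


def total_hkids(sockets: int, islands_per_socket: int, kot_entries: int) -> int:
    """Claims 2-4: HKIDs = sockets x islands per socket x KOT entries, where islands
    per socket is 1 (island = socket), the memory-controller count or the core count."""
    return sockets * islands_per_socket * kot_entries


def add_page(island: TDIsland, td: TrustDomain, page: int) -> None:
    """The TDIPM's scope is limited to the island's bounds: pages outside it are refused."""
    if page not in island.page_bounds:
        raise ValueError(f"page {page:#x} lies outside {island.name}")
    td.tdipm.add(page)


def create_td(island: TDIsland, core: int, key_handle: str, first_page: int) -> TrustDomain:
    """TDIRM steps from claim 1; the returned HKID is local to this island's KOT."""
    td = TrustDomain()                                                 # initialize TDICS and TDIPM
    free = [h for h in range(island.kot_size) if h not in island.kot]  # identify a free HKID in the KOT
    if not free:
        raise RuntimeError(f"{island.name}: KOT exhausted")
    hkid = free[0]
    island.kot[hkid] = key_handle                                      # assign the HKID to the key
    td.tdics["hkid"] = hkid                                            # store the HKID in the TDICS
    td.cores.add(core)                                                 # associate a core with the TD
    add_page(island, td, first_page)                                   # add a page to the TDIPM
    return td                                                          # control transfer not modelled
```

Two islands can both hand out local HKID 0 for different keys, which is where the extra key identifiers come from; the per-island KOT, not a global table, is the limiting resource.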

Assignees

Intel Corp
Inventors

Classifications

  • Hypervisor-specific management and integration aspects (CPC title)

  • Network integration; Enabling network access in virtual machine instances (CPC title)

  • H04L9/0631 (Primary): Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms (CPC title)

  • G06F21/602 (Primary): Providing cryptographic facilities or services (CPC title)

  • G06F12/145 (Primary): the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11436342B2 cover?
Disclosed embodiments relate to trust domain islands with self-contained scope. In one example, a system includes multiple sockets, each including multiple cores, multiple multi-key total memory encryption (MK-TME) circuits, multiple memory controllers, and a trust domain island resource manager (TDIRM) to: initialize a trust domain island (TDI) island control structure (TDICS) associated with …
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/0631. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 6, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).