Pseudo-local multi-service enabled file systems using a locally-addressable secure compute layer
US-11966370-B1 · Apr 23, 2024 · US
US12197397B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-12197397-B1 |
| Application number | US-202117643802-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 10, 2021 |
| Priority date | Dec 10, 2021 |
| Publication date | Jan 14, 2025 |
| Grant date | Jan 14, 2025 |
Official abstract text for this publication.
Systems and methods are provided for handling file operations from a hosted computing instance via a secure compute layer. The secure compute layer is presented to the instance as a virtualized service device that is locally addressable by the instance. Software within the instance can submit file operations to the virtualized service device, which the secure compute layer can translate into calls to a network-accessible storage service. Results from the calls can then be passed back to the instance through the virtualized service device. As a result, the instance can communicate with a variety of different network services, without itself implementing network communications for those services.
Opening claim text (preview).
What is claimed is:

1. A system comprising: a block store server hosting a network-accessible block storage system; and a compute server comprising: a first subset of hardware comprising a first processor and a first memory, wherein the first subset of hardware hosts a virtual machine instance, wherein the virtual machine instance comprises an operating system and a software application; and an offload card comprising a second subset of hardware, wherein the second subset of hardware includes a second processor and a second memory, and wherein the second subset of hardware hosts a secure compute layer, and wherein the secure compute layer is: locally addressable by the operating system of the virtual machine instance as a virtualized file system device, and configured to: obtain a command to mount the virtualized file system device as a virtualized file system, in response to the command to mount the virtualized file system device as the virtualized file system, establish a communication session with the network-accessible block storage system, accept, from the software application, a file operation addressed to the virtualized file system, wherein the file operation is unsupported by the network-accessible block storage system, determine a block storage operation that is to be performed on the network-accessible block storage system to satisfy the file operation, wherein the block storage operation is supported by the network-accessible block storage system, translate the file operation addressed to the virtualized file system into the block storage operation, submit the block storage operation to the network-accessible block storage system via the communication session, obtain a result associated with the block storage operation from the network-accessible block storage system, and return the result associated with the block storage operation to the software application as a response from the virtualized file system.

2. The system of claim 1, wherein the file operation is generated during execution of the software application in user space of the operating system, and wherein the file operation is passed to the virtualized file system by a virtual file system (VFS) layer of the operating system.

3. The system of claim 1, wherein the file operation is specified by the operating system.

4. The system of claim 1, wherein the network-accessible block storage system is a cloud-based block storage system.

5. A method implemented at a secure compute layer for a hosted computing instance, wherein the secure compute layer is (i) locally addressable by an operating system of the hosted computing instance as a virtualized file system device, and (ii) implemented in memory that is inaccessible to the hosted computing instance, and wherein the method comprises: obtaining a command to mount the virtualized file system device as a virtualized file system; in response to the command to mount the virtualized file system device as the virtualized file system, establishing a communication session with a network-accessible block storage system; accepting, from a software application of the hosted computing instance, a file operation addressed to the virtualized file system, wherein the file operation is unsupported by the network-accessible block storage system; determining a block storage operation that is to be performed on the network-accessible block storage system to satisfy the file operation, wherein the block storage operation is supported by the network-accessible block storage system; translating the file operation addressed to the virtualized file system into the block storage operation; submitting the block storage operation to the network-accessible block storage system via a network interface; obtaining, via the network interface, a result associated with the block storage operation from the network-accessible block storage system; and returning the result to the software application as a response from the virtualized file system.

6. The method of claim 5, wherein the hosted computing instance is hosted by a first processor and a first memory of a host computing device, and wherein the secure compute layer is implemented by an offload card of the host computing device, wherein the offload card includes a second processor and the memory that is inaccessible to the hosted computing instance.

7. The method of claim 6, wherein the hosted computing instance comprises a virtual machine instance or a bare metal instance.

8. The method of claim 5, wherein the hosted computing instance comprises a virtual machine instance, wherein the hosted computing instance is hosted by a hypervisor, and wherein the hypervisor includes the memory that is inaccessible to the hosted computing instance.

9. The method of claim 5, wherein the file operation comprises a request to read a file, and wherein obtaining the result associated with the block storage operation that satisfies the file operation comprises: obtaining, in response to the block storage operation, information identifying a network location storing data of the file; and retrieving the data of the file from the network location as the result associated with the block storage operation.

10. The method of claim 5, wherein obtaining the result associated with the block storage operation that satisfies the file operation comprises: obtaining, in response to the block storage operation, instructions to conduct specified processing to obtain the result; and implementing the specified processing to obtain the result.

11. The method of claim 5, wherein the file operation is addressed to a file system object within the virtualized file system.

12. The method of claim 5, wherein the block storage operation is submitted via the communication session with the network-accessible block storage system.

13. The method of claim 5, wherein the hosted computing instance is authenticated to the network-accessible block storage system within the communication session based on information obtained at the secure compute layer independent of information obtained from the hosted computing instance.

14. One or more non-transitory computer-readable media storing instructions implementable at a secure compute layer for a hosted computing instance, wherein the secure compute layer is (i) locally addressable by an operating system of the hosted computing instance as a virtualized file system device, and (ii) implemented in memory that is inaccessible to the hosted computing instance, and wherein the instructions, when implemented by the secure compute layer, cause the secure compute layer to: obtain a command to mount the virtualized file system device as a virtualized file system; in response to the command to mount the virtualized file system device as the virtualized file system, establish a communication session with a network-accessible block storage system; accept, from a software application of the hosted computing instance, a file operation addressed to the virtualized file system, wherein the file operation is unsupported by the network-accessible block storage system; determine a block storage operation that is to be performed on the network-accessible block storage system to satisfy the file operation, wherein the block storage operation is supported by the network-accessible block storage system; translate the file operation addressed to the virtualized file system into the block storage operation; submit the block storage operation to the network-accessible block storage system via a network interface; obtain, via the network interface, a result associated with the bl
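As an added illustration (a constructed toy model, not the patent's or any product's code), the following Python shows the arrangement the abstract and claims describe: the instance addresses the layer as a file system, the layer alone holds the block-store credential and session (claim 13), and each file operation the store does not support is translated into the whole-block operations it does. The class names, the 16-byte block size, the credential value and the first-fit allocator are assumptions.

```python
# Constructed toy model (not the patent's code): the secure compute layer turns each
# file operation from the instance into block operations the block store supports.
import math

BLOCK_SIZE = 16  # assumed block size for the toy block store

class BlockStoreServer:
    """Network block store: supports only whole-block read/write, no file ops."""
    def __init__(self, num_blocks, valid_credential):
        self._blocks = [bytes(BLOCK_SIZE)] * num_blocks
        self._valid_credential = valid_credential
        self.ops_log = []  # every operation the store actually received

    def open_session(self, credential):
        if credential != self._valid_credential:
            raise PermissionError("session rejected")
        return object()  # opaque session handle

    def write_block(self, session, index, data):
        assert len(data) == BLOCK_SIZE, "store accepts whole blocks only"
        self._blocks[index] = data
        self.ops_log.append(("write_block", index))

    def read_block(self, session, index):
        self.ops_log.append(("read_block", index))
        return self._blocks[index]

class SecureComputeLayer:
    """Offload-card side: the credential, session and file directory live in
    memory the instance cannot read; only file-level operations are exposed."""
    def __init__(self, store, credential):
        self._store, self._credential = store, credential
        self._session, self._directory, self._next_free = None, {}, 0

    def mount(self):  # mount command -> establish the block store session
        self._session = self._store.open_session(self._credential)

    def write_file(self, name, data):  # one file write -> n supported block writes
        n, start = math.ceil(len(data) / BLOCK_SIZE), self._next_free
        for i in range(n):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")
            self._store.write_block(self._session, start + i, chunk)
        self._directory[name] = (start, len(data))
        self._next_free += n

    def read_file(self, name):  # one file read -> block reads trimmed to length
        start, length = self._directory[name]
        raw = b"".join(self._store.read_block(self._session, start + i)
                       for i in range(math.ceil(length / BLOCK_SIZE)))
        return raw[:length]
```

The instance-side code only ever calls `mount`, `write_file` and `read_file`; the credential and the block layout never cross into its memory, which is the isolation property the claims hinge on.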
Virtual file systems · CPC title
Network integration; Enabling network access in virtual machine instances · CPC title
Bare-metal, i.e. hypervisor runs directly on hardware · CPC title
I/O management, e.g. providing access to device drivers or storage · CPC title
Hypervisor-specific management and integration aspects · CPC title