Enabling stateless accelerator designs shared across mutually-distrustful tenants
US-2021111863-A1 · Apr 15, 2021 · US
US12407764B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12407764-B2 |
| Application number | US-202218072368-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 30, 2022 |
| Priority date | Jun 29, 2018 |
| Publication date | Sep 2, 2025 |
| Grant date | Sep 2, 2025 |
Official abstract text for this publication.
Various embodiments are generally directed to securing systems that include hardware accelerators, such as FPGA-based accelerators, and privileged system components. Some embodiments may provide a security broker. In various embodiments, the security broker may provide interfaces between the hardware accelerator and the privileged component. Some embodiments may receive an instruction from the hardware accelerator targeting the privileged component, and validate the instruction based on a configuration. In some embodiments, upon determining the instruction is not validated, the instruction is restricted from further processing.
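A sketch of the validation step the abstract describes, added here as an illustration and not taken from the patent. It applies three of the checks the claims list (protocol validation, memory address range permission, bandwidth used) and returns either a forward verdict or a restriction. All type, field and function names, and the sample policy, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* All names are hypothetical; the patent text defines no data structures. */
enum verdict { FORWARD, DROP_BAD_PROTOCOL, DROP_BAD_ADDRESS, DROP_OVER_BANDWIDTH };
enum op { OP_MEM_READ = 1, OP_MEM_WRITE = 2 };
struct request { uint8_t op; uint64_t addr; uint32_t len; };   /* from the accelerator */
struct window  { uint64_t base, size; int allow_write; };      /* permitted address range */
struct config  {                                               /* the broker's rule set */
    const struct window *windows; size_t n_windows;
    uint64_t byte_budget, bytes_used;                          /* per accounting interval */
};
/* Constructed sample policy: one read/write window, one read-only window. */
static const struct window SAMPLE_WINDOWS[] = {
    { 0x100000000ULL, 0x1000, 1 },
    { 0x200000000ULL, 0x1000, 0 },
};

/* Containment test written so that addr + len is never computed (no wrap-around). */
static int in_window(const struct window *w, const struct request *r)
{
    if (r->len == 0 || r->addr < w->base) return 0;
    uint64_t off = r->addr - w->base;
    return off < w->size && r->len <= w->size - off;
}

/* Returns FORWARD only if every check passes; any other verdict means "restrict". */
enum verdict broker_check(struct config *c, const struct request *r)
{
    if (r->op != OP_MEM_READ && r->op != OP_MEM_WRITE)
        return DROP_BAD_PROTOCOL;                  /* protocol validation */
    size_t i;
    for (i = 0; i < c->n_windows; i++)             /* memory address range permission */
        if (in_window(&c->windows[i], r) &&
            (r->op == OP_MEM_READ || c->windows[i].allow_write))
            break;
    if (i == c->n_windows)
        return DROP_BAD_ADDRESS;
    if (r->len > c->byte_budget - c->bytes_used)   /* bandwidth used by the accelerator */
        return DROP_OVER_BANDWIDTH;
    c->bytes_used += r->len;                       /* charge only forwarded traffic */
    return FORWARD;
}

int main(void)
{
    struct config c = { SAMPLE_WINDOWS, 2, 4096, 0 };
    struct request wr = { OP_MEM_WRITE, 0x200000000ULL, 16 };  /* write to read-only window */
    return broker_check(&c, &wr) == DROP_BAD_ADDRESS ? 0 : 1;
}
```

The default is deny: a request is forwarded only when it matches an allowed window and fits the remaining budget, and rejected traffic is not charged against the budget.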
Opening claim text (preview).
What is claimed is:

1. An apparatus, comprising: an interface to receive, from a hardware accelerator, an instruction including an indication of a privileged component; circuitry, the circuitry arranged to: determine whether the instruction is invalid based on a configuration, the configuration to provide a set of security rules to determine whether the instruction complies with one or more security features of a system; apply a restriction to the instruction based on a determination that the instruction is invalid; determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and perform the set of associated system management operations.

2. The apparatus of claim 1, the circuitry to determine whether the instruction is invalid based on at least one of: a protocol validation operation; a network address permission check; a memory address range permission check; an amount of bandwidth used by the hardware accelerator; an amount of thermal energy generated by the hardware accelerator; or an amount of power used by the hardware accelerator.

3. The apparatus of claim 1, the circuitry to forward the instruction to the privileged component based on a determination that the instruction is valid.

4. The apparatus of claim 1, the circuitry to, at least one of the following: send a control signal to the hardware accelerator to cause the hardware accelerator to reset based on a determination that the instruction is invalid; create an entry in a system log based on a determination that the instruction is invalid, the entry comprising an indication of the instruction; generate and transmit a notification based on a determination that the instruction is invalid, the notification comprising an indication of the instruction; report the instruction via an application programming interface (API) based on a determination that the instruction is invalid; or send a control signal to the hardware accelerator to cause the hardware accelerator to enter a low power state based on a determination that the instruction is invalid.

5. The apparatus of claim 1, the circuitry comprising an interface to couple to the privileged component.

6. The apparatus of claim 1, the circuitry to: determine whether the hardware accelerator has responded to a Peripheral Component Interconnect Express (PCIe) request from the privileged component; generate a response to the PCIe request from the privileged component on behalf of the hardware accelerator based on a determination that the hardware accelerator has not responded to the PCIe request from the privileged component; and transmit the response to the privileged component.

7. The apparatus of claim 1, the circuitry to restrict the hardware accelerator from initiating Peripheral Component Interconnect Express (PCIe) transactions with the privileged component.

8. The apparatus of claim 1, wherein the instruction is associated with an untrusted third party accessing the hardware accelerator in a cloud computing environment.

9. At least one non-transitory computer-readable storage medium, storing instructions that when executed by a security broker coupled to a hardware accelerator and a privileged component, cause the security broker to: determine whether an instruction received from the hardware accelerator is invalid based on a configuration, the configuration to provide a set of security rules to determine whether the instruction complies with one or more security features of a system, the instruction comprising an indication of the privileged component; apply a restriction to the instruction based on a determination that the instruction is invalid; determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and perform the set of associated system management operations.

10. The at least one non-transitory computer-readable storage medium of claim 9, the instructions, when executed further cause the security broker to determine whether the instruction is invalid based on at least one of: a protocol validation operation; a network address permission check; a memory address range permission check; an amount of bandwidth used by the hardware accelerator; an amount of thermal energy generated by the hardware accelerator; or an amount of power used by the hardware accelerator.

11. The at least one non-transitory computer-readable storage medium of claim 9, the instructions, when executed further cause the security broker to forward the instruction to the privileged component based on a determination that the instruction is valid.

12. The at least one non-transitory computer-readable storage medium of claim 9, the instructions, when executed further cause the security broker to: send a control signal to the hardware accelerator to cause the hardware accelerator to reset based on a determination that the instruction is invalid; create an entry in a system log based on a determination that the instruction is invalid, the entry comprising an indication of the instruction; generate and transmit a notification based on a determination that the instruction is invalid, the notification comprising an indication of the instruction; report the instruction via an application programming interface (API) based on a determination that the instruction is invalid; or send a control signal to the hardware accelerator to cause the hardware accelerator to enter a low power state based on a determination that the instruction is invalid.

13. The at least one non-transitory computer-readable storage medium of claim 9, the instructions, when executed further cause the security broker to: determine whether the hardware accelerator has responded to a Peripheral Component Interconnect Express (PCIe) request from the privileged component; generate a response to the PCIe request from the privileged component on behalf of the hardware accelerator based on a determination that the hardware accelerator has not responded to the PCIe request from the privileged component; and transmit the response to the privileged component.

14. The at least one non-transitory computer-readable storage medium of claim 9, the instructions, when executed further cause the security broker to restrict the hardware accelerator from initiating Peripheral Component Interconnect Express (PCIe) transactions with the privileged component.

15. A system, comprising: a hardware accelerator; and an apparatus coupled to the hardware accelerator, the apparatus comprising: an interface to receive an instruction from the hardware accelerator; and circuitry coupled with the interface, the circuitry to: determine whether the instruction received from the hardware accelerator is invalid based on a configuration, the configuration to provide a set of security rules to determine whether the instruction complies with one or more security features of the system, the instruction comprising an indication of a privileged component; apply a restriction to the instruction based on a determination that the instruction is invalid; determine a set of associated system management operations to restore the system to a secure operating state before receipt of the invalid instruction using state information stored in the configuration; and perform the set of associated system management operations.

16. The system o
by switching off individual functional units in the computer system · CPC title
comprising thermal management · CPC title
Protocol engines · CPC title
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
by lowering clock frequency · CPC title