Initial implementation of _FORTIFY_SOURCE

From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Mon, 13 May 2024 17:47:41 UTC
Hi,

As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported 
an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is an 
improvement over classical SSP, doing compiler-aided checking of stack 
object sizes to detect more fine-grained stack overflow without relying 
on the randomized stack canary just past the stack frame.

This implementation is not yet complete, but we've done a review of 
useful functions and syscalls to add checked variants of and intend to 
complete the implementation over the next month or so.

Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the 
buildworld env -- I intend to flip the default to 2 when WITH_SSP is set 
in the next month if nobody complains about serious breakage.  I've 
personally been rolling with FORTIFY_SOURCE=2 for the last three years 
that this has been sitting in a local branch, so I don't really 
anticipate any super-fundamental breakage.

Thanks,

Kyle Evans