Increase fortification level

[imwints]

Newer versions of GCC and Clang support _FORTIFY_SOURCE=3 which increases code safety by providing better size checks

For reference see
https://developers.redhat.com/articles/2023/02/06/how-improve-application-security-using-fortifysource3

[NexAdn]

How about just providing a default value and letting users/packagers override the default as desired? Then we can have a sane default for the standard build and allow for setting a custom fortification level e.g. for testing increased fortification levels or just enabling them for hardened builds.

[imwints]

Can you make a suggestion what this would look like?

[NexAdn]

For the Makefile, just put -D_FORTIFY_SOURCE=3 (or whatever level you choose) into some overridable variable (similar to OPTFLAGS). For CMake, there is the $<IF: generator expression, so an option() to enable/disable default fortification should be possible.

[imwints]

I've put the flag behind a build flag. It is enabled by default and can be disabled, described in the readme.

Might be also worth considering that this is usually a type of flag distributions set or unset, like Alpine and Gentoo do with their fortify.h header and we shouldn't worry about it and maybe remove the flag on our side.

@NexAdn is this what you where thinking about?

@aristocratos what do you think?

[NexAdn]

@NexAdn is this what you where thinking about?

Looks good to me. Thanks!