Conversation

@Aguilex Aguilex commented Nov 4, 2025

This change enables the /GS (Buffer Security Check) compiler flag for three native libraries to resolve BinSkim error BA2007:

  • libHarfBuzzSharp.dll: Added BufferSecurityCheck=true to all configurations in the vcxproj file, including creating the missing Debug|ARM64 ItemDefinitionGroup
  • libEGL.dll and libGLESv2.dll: Added /GS flag to extra_cflags in the ANGLE GN build configuration

The /GS flag enables compile-time buffer overrun detection, which is an important security feature that helps prevent stack-based buffer overflow attacks.

Why

The /GS flag enables compile-time buffer overrun detection, which is an important security feature that helps prevent stack-based buffer overflow attacks. This resolves the BinSkim BA2007 security compliance error.

Testing

After rebuilding the native libraries with these changes, they should pass BinSkim analysis for the BA2007 check.

Bugs Fixed

  • Fixes ~20 BinSkim bugs in AzDO.

API Changes

None.

Behavioral Changes

None.

Required skia PR

None.

PR Checklist

  • Has tests (if omitted, state reason in description)
  • Rebased on top of main at time of PR
  • Merged related skia PRs
  • Changes adhere to coding standard
  • Updated documentation

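A quick way to confirm on a rebuilt binary that the /GS change actually reached the linked image, added here as an example (this is not code from the repository, from ANGLE or from BinSkim): objects compiled with /GS reference the per-image `__security_cookie`, and the linker publishes its address in the `SecurityCookie` member of `IMAGE_LOAD_CONFIG_DIRECTORY`, so a zero or missing value means the image has no stack-cookie support at all. The script parses just enough of the PE headers to read that member for both PE32 and PE32+ images; `build_sample_image` constructs tiny synthetic images (constructed input, not real DLLs) so the check can be exercised offline. A non-zero cookie is a necessary condition, not proof that every object file was compiled with /GS; BinSkim's stack-protection rules go further and use the PDB, which is why the PR's "Testing" section still relies on a BinSkim pass.

```python
"""Report whether a PE image carries /GS stack-cookie support.

Added example, not project code. /GS-compiled objects reference
__security_cookie, and the linker publishes its address in
IMAGE_LOAD_CONFIG_DIRECTORY.SecurityCookie; a zero or absent value
means the image was not linked with that support.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
# (NumberOfRvaAndSizes offset, DataDirectory offset) within the optional
# header, and (SecurityCookie offset, format) within the load config struct.
LAYOUT = {
    PE32_MAGIC: (92, 96, 60, "<I"),
    PE32PLUS_MAGIC: (108, 112, 88, "<Q"),
}


def _rva_to_offset(data, rva, section_table, num_sections):
    """Translate an RVA to a file offset via the section headers."""
    for i in range(num_sections):
        hdr = section_table + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} lies outside every section")


def security_cookie_va(data):
    """Return the load config's SecurityCookie VA, or None if there is no load config."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in LAYOUT:
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    ndirs_off, dirs_off, cookie_off, cookie_fmt = LAYOUT[magic]
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    if ndirs <= IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG:
        return None
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    lc_rva, _lc_size = struct.unpack_from("<II", data, entry)
    if lc_rva == 0:
        return None
    lc = _rva_to_offset(data, lc_rva, opt + opt_size, num_sections)
    # The struct's own Size member says which fields were actually emitted.
    if struct.unpack_from("<I", data, lc)[0] < cookie_off + struct.calcsize(cookie_fmt):
        return None
    return struct.unpack_from(cookie_fmt, data, lc + cookie_off)[0]


def has_gs_cookie(data):
    """True when the image names a non-zero security cookie."""
    return bool(security_cookie_va(data))


def build_sample_image(pe32plus, cookie_va, with_load_config=True):
    """Construct a minimal, non-runnable PE (constructed test input only)."""
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    ndirs_off, dirs_off, cookie_off, cookie_fmt = LAYOUT[magic]
    opt = bytearray(dirs_off + 16 * 8)                      # 16 data directories
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, ndirs_off, 16)
    if with_load_config:
        entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        struct.pack_into("<II", opt, entry, 0x1000, 0x140)  # RVA, size
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 1, 0, 0, 0, len(opt), 0x2022)
    # One section: .rdata at RVA 0x1000, 0x200 bytes, stored at file offset 0x200.
    section = b".rdata".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(0x200, b"\0")
    load_config = bytearray(0x200)
    struct.pack_into("<I", load_config, 0, 0x140)          # Size member
    struct.pack_into(cookie_fmt, load_config, cookie_off, cookie_va)
    return bytes(headers + load_config)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            image = f.read()
        verdict = "yes" if has_gs_cookie(image) else "NO"
        print(f"{path}: SecurityCookie={security_cookie_va(image)} /GS support={verdict}")
```

Run it against the rebuilt outputs, for example `python gs_check.py libHarfBuzzSharp.dll libEGL.dll libGLESv2.dll`, and treat any "NO" as a build that never linked the cookie support; a "yes" still needs the BinSkim pass to confirm every object was compiled with /GS.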
github-actions bot commented Nov 4, 2025

Triage Summary

Labels will be applied to indicate the affected areas related to security compliance in libHarfBuzzSharp and the platforms involved (Windows Classic and Windows UWP).

This issue does not appear to be a regression, as there are no mentions of compatibility issues with previous versions or performance degradation.

Detailed Summary and Actions

Summary of the triage:

  • The issue pertains to enabling a compiler flag for the native DLL related to libHarfBuzzSharp, addressing a security compliance error.
  • It affects applications running on Microsoft Windows using Win32 APIs and also impacts Universal Windows Platform (UWP) applications.
  • The focus is primarily on security and compliance; however, the available labels pertain to performance, compatibility, and reliability, which are not directly aligned with the issue's primary concern.

Summary of the actions that will be performed:

Action      | Item                          | Description
Apply Label | area/libHarfBuzzSharp.native  | The issue pertains to enabling a compiler flag for the native DLL related to 'libHarfBuzzSharp'.
Apply Label | os/Windows-Classic            | The issue involves native DLLs relevant for applications running on Microsoft Windows using Win32 APIs.
Apply Label | os/Windows-Universal-UWP      | The change affects UWP applications on Windows due to the enablement of a compiler flag for native libraries.

Additional remarks:

  • The focus on security and compliance regarding buffer overrun detection does not directly align with the available labels related to performance and compatibility.
  • There were no significant concerns raised about compatibility with previous versions or any performance issues reported.

This entire triage process was automated by AI and mistakes may have been made. Please let us know so we can continue to improve.

@github-actions github-actions bot added area/libHarfBuzzSharp.native os/Windows-Classic Issues running on Microsoft Windows using Win32 APIs (Windows.Forms or WPF) os/Windows-Universal-UWP labels Nov 4, 2025
@Aguilex Aguilex requested a review from mattleibow November 4, 2025 14:49
Copilot AI commented Nov 4, 2025

@mattleibow I've opened a new pull request, #3405, to work on those changes. Once the pull request is ready, I'll request review from you.

…cxproj (#3405)

* Initial plan

* Merge duplicate Debug|Win32 sections in libHarfBuzzSharp.vcxproj

Co-authored-by: mattleibow <1096616+mattleibow@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mattleibow <1096616+mattleibow@users.noreply.github.com>
@mattleibow mattleibow merged commit e62d083 into main Nov 4, 2025
1 of 2 checks passed
@mattleibow mattleibow deleted the fix/binskim-ba2007-buffer-security-check branch November 4, 2025 17:19