host compiler: enable compiler hardening flags

Enable the following compiler hardening flags:

* -Wl,-z,relro
* -Wl,-z,now
* -fstack-protector

relro / bind_now make the relro region read-only after linking,
preventing certain attacks against ELF data structures.

stack-protector adds stack canaries, which can detect exploits
which overwrite parts of the stack.

Explicitly not added in this change is FORTIFY_SOURCE=2. Adding that
option turns on glibc's warn_unused_result attributes. This generates
a huge number of new compile time warnings, and for the multiple
makefiles which have -Werror in them, turns those warnings into errors.
I'm not able to fix all the errors right away.

Bug: 20558757
Change-Id: I86791177c6695f5325233d9dd9a5dd3ccc2b1a2f