Update compile flags per security review

[eseidelGoogle]

During security review we were asked to make sure our C++ compile flags for Release configs use the following:

Compile-time flags: -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -Wa,--noexecstack -Wformat -Wformat-security
Link-time flags: -pie -Wl,-z,relro,-z,now

This is non-urgent, but we should address for 1.0.

FYI @abarth @chinmaygarde

[kf6gpe]

So, the Android changes are in my branch; I'm working on testing the iOS changes now. Some notes about iOS changes:

• iOS compiles with PIE by default, but I'll add it as explicit flags so it's clear what we're doing.
• The compiler flags -fstack-protector-all, -Wa,--noexecstack, -Wformat and -Wformat-security appear to have no corresponding flags in the iOS toolchain. I haven't found good counterparts, but admit I need to continue to look.
• The linker flag -Wl,-z,relro,-z,now has no correspondence either.

[kf6gpe]

After chatting with @goderbauer, we agree that we don't want -O2 if we can help it either --- the space hit is just too high --- -Oz on helloworld weighs in at 5,805,240B, while -O2 weighs in at 8,024060B in his test. I'm backing that out now.

[goderbauer]

@kf6gpe The sizes you quoted are for the uncompressed libflutter.so, which ships with every app (not just helloworld).

[kf6gpe]

@goderbauer Good point --- thanks for the clarification.

[kf6gpe]

Looks like this has caused regressions in disk space size as well as performance for tiles_scroll_perf__timeline_summary/average_frame_rasterizer_time_millis. We've rolled back this CL at present until we pinpoint which flag is the culprit.