@sueszli sueszli commented Oct 1, 2025

Builds on top of: #998

This commit translates the recommendations from Compiler-Options-Hardening-Guide-for-C-and-C++.md
into a universal, script-like CMake configuration that serves as a plug-and-play compiler
hardening template.

Purpose:

Rather than manually selecting and applying flags from the guide, this template automatically
applies the appropriate recommendations based on:

  • Compiler type (GCC vs Clang)
  • Operating system (Linux-specific protections)
  • Architecture (x86_64 vs ARM64)
  • Build type (Release vs Debug)

This improves accessibility by letting developers drop the configuration into their projects and
immediately benefit from the guide's recommendations without needing expertise in compiler
security flags.

Implementation:

  • Enforces latest stable compiler versions (GCC ≥14.0.0, Clang ≥16.0.0)
  • Uses conditional logic to apply the correct flags for each environment
  • Includes Dockerfile and Makefile for testing with both compilers

Directory Restructure:

  • example-minimal/: Original Makefile approach
  • example-cmake/: New universal template approach

This transforms the static guide into an actionable, copy-paste template that makes compiler
hardening accessible regardless of security expertise.

Signed-off-by: sueszli <jabaryyahya@gmail.com>
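A sketch of the conditional selection the description lists (compiler, OS, architecture, build type). This is an added example, not the PR's actual template. The `hardening` target name is hypothetical, and the flags are a subset I am assuming from the OpenSSF Compiler Options Hardening Guide:

```cmake
# Added illustration, not the PR's file. Consumers would use:
#   target_link_libraries(<your_target> PRIVATE hardening)
cmake_minimum_required(VERSION 3.16)
project(hardening_demo C)

# Version floors quoted in the PR description.
if(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 14.0.0)
  message(FATAL_ERROR "GCC >= 14.0.0 required, found ${CMAKE_C_COMPILER_VERSION}")
elseif(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 16.0.0)
  message(FATAL_ERROR "Clang >= 16.0.0 required, found ${CMAKE_C_COMPILER_VERSION}")
endif()

# Interface target: carries flags only, needs no source files.
add_library(hardening INTERFACE)

# Flags accepted by both GCC and Clang at the version floors above.
target_compile_options(hardening INTERFACE
  -Wall -Wformat -Wformat=2 -Wimplicit-fallthrough -Werror=format-security
  -fstack-protector-strong -fstack-clash-protection -fstrict-flex-arrays=3)

# Build type: _FORTIFY_SOURCE only takes effect with optimization enabled,
# so it is applied to every configuration except Debug.
target_compile_options(hardening INTERFACE
  $<$<NOT:$<CONFIG:Debug>>:-O2>
  $<$<NOT:$<CONFIG:Debug>>:-U_FORTIFY_SOURCE>
  $<$<NOT:$<CONFIG:Debug>>:-D_FORTIFY_SOURCE=3>)

# Architecture: control-flow protection uses a different flag per ISA.
if(CMAKE_SYSTEM_PROCESSOR MATCHES "^(x86_64|AMD64)$")
  target_compile_options(hardening INTERFACE -fcf-protection=full)
elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "^(aarch64|arm64)$")
  target_compile_options(hardening INTERFACE -mbranch-protection=standard)
endif()

# Operating system: these linker options are specific to ELF/Linux toolchains.
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
  target_link_options(hardening INTERFACE
    -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack)
endif()

# Position-independent executables so ASLR applies to the main binary.
include(CheckPIESupported)
check_pie_supported()
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
```

The flags a build actually received can be checked with `cmake --build build --verbose`.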
Author

sueszli commented Oct 1, 2025

Needs Product: Compiler Hardening Guide label :)

Contributor

gkunz commented Oct 21, 2025

Hi @sueszli,

Thank you very much for your contribution and sorry for the lack of feedback for so long. The compiler guide work was a bit on hold while Thomas was out of office, but we should pick this up soon.

Author

sueszli commented Oct 21, 2025

Thanks for the update!

Huge fan of this project. Feel free to request additional features or a rewrite in SCons.

I would love to make a reliable template with sane defaults that engineers can bootstrap projects with - without needing a PhD in systems security ;)
