Enable full RELRO on linux

[sjkelly]

This enables full RELRO (Read-Only Relocations) on Linux.
It is helpful for hardening Linux binaries and prevents GOT overwrite attacks.

There is some concern this would slow down startup or package load, but under
the following workloads there is no detectable difference, and infact RELRO
appears slightly faster.

time julia -e 'using Pkg; using LinearAlgebra; exit()'
time julia -e 'exit()'

Master sys time average: 0.052
This commit sys time average: 0.044

We can validate that "full RELRO" is enabled with checksec:

[nix-shell:~/src/julia]$ checksec --file=./julia
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      Symbols         FORTIFY Fortified       Fortifiable     FILE
Full RELRO      No canary found   NX enabled    No PIE          No RPATH   RUNPATH     39 Symbols         No    0               0               ./julia

[ViralBShah]

Should we do a pkgeval run here?

[sjkelly]

@staticfloat mentioned this may break libblastrampoline. I didn't see any issues locally with LinearAlgebra or MKL, but I am not entirely clear on the low level mechanics here.

[sjkelly]

For some reason fedora claims "full RELRO" needs -Wl,-z,relro,-z,now but checksec seems to report it is okay without the -z,now: https://fedoraproject.org/wiki/Security_Features_Matrix#Built_with_RELRO

[sjkelly]

Merge?