WIP: enable some hardening options

Yves-Alexis Perez requested to merge corsac/linux:hardening-options into sid

Hi,

during the Debian security sprint in Hamburg we talked a bit about distribution hardening for buster. For the kernels there might be some improvements to be done whether by patches, KConfig options or runtime configuration (sysctl/mount options).

Here's a merge request (to be discussed) for enabling REFCOUNT_FULL and FORTIFY_SOURCE, as well as disabling HARDENED_USERCOPY_FALLBACK.

  • refcount_t appeared in 4.11 and REFCOUNT_FULL appeared in 4.13 and was improved in 4.15. It replaces atomic_t reference counters with the refcount_t type to protect from overflow (it comes from PAX_REFCOUNT). Due to performance concerns it uses an unchecked type by default; the checked one needs REFCOUNT_FULL. 4.15 introduced fast refcount_t for x86, so maybe we should only enable it there for now
  • FORTIFY_SOURCE appeared in 4.13 and is the equivalent of the one found in glibc. It has both compile-time and runtime checks
  • HARDENED_USERCOPY_FALLBACK=n appeared in 4.16 and is needed to enforce whitelisting; without it HARDENED_USERCOPY falls back to full-object checking

I've rebuilt a kernel with that merge request and will let it run a few days and see what happens.

There are some arm specific hardening options we could enable (like UNMAP_KERNEL_AT_EL0, ARM64_SW_TTBR0_PAN and CPU_SW_DOMAIN_PAN) but I can't really test them right now so I've left them for now.
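A small check script, added here as an example and not part of the merge request, that reports whether a kernel config file (Debian's /boot/config-$(uname -r) or any .config) carries the options discussed above, treating HARDENED_USERCOPY_FALLBACK as the one that must be off; the config fragment at the end is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the merge request: check a kernel config file
# for the hardening options discussed above. Works on Debian's
# /boot/config-$(uname -r) or any .config; "# CONFIG_X is not set" reads as n.

# Option and the value wanted for hardening. HARDENED_USERCOPY_FALLBACK is
# the one option that must be *off* so that usercopy whitelisting is enforced.
HARDENING_WANTED="
CONFIG_REFCOUNT_FULL=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=n
"

# config_value FILE OPTION: print y, m, n or the literal value; unset -> n
config_value() {
    value=$(sed -n "s/^$2=//p" "$1" | head -n 1)
    [ -n "$value" ] && echo "$value" || echo n
}

# check_hardening_config [FILE]: report each option and return the number of
# options not in the hardened state (0 means everything is as wanted)
check_hardening_config() {
    file=${1:-/boot/config-$(uname -r)}
    failures=0
    for entry in $HARDENING_WANTED; do
        option=${entry%%=*}
        wanted=${entry#*=}
        actual=$(config_value "$file" "$option")
        if [ "$actual" = "$wanted" ]; then
            echo "ok    $option=$actual"
        else
            echo "WEAK  $option=$actual (want $wanted)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample modelled on a config with this merge request applied
# (FALLBACK disabled, REFCOUNT_FULL and FORTIFY_SOURCE enabled).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
CONFIG_HARDENED_USERCOPY=y
# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
CONFIG_FORTIFY_SOURCE=y
CONFIG_REFCOUNT_FULL=y
EOF
check_hardening_config "$SAMPLE"
rm -f "$SAMPLE"
```

Run it without an argument on a Debian system to check the running kernel; a nonzero exit status is the number of options still in the non-hardened state.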
