Enabled hardened executables by default.

The result of running "hardening-check wesnoth" now shows:
* Position Independent Executable: yes
* Stack protected: yes
* Fortify Source functions: yes (some protected functions found)
* Read-only relocations: yes
* Immediate binding: yes

(cherry-picked from commit 3290961db2)

CMakeLists.txt

@@ -146,6 +146,7 @@ if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
 	option(ENABLE_APPDATA_FILE "enable installation of an appdata file for appstream" ON)
 endif(CMAKE_SYSTEM_NAME STREQUAL "Linux")
 
+option(HARDEN "Whether to enable options to harden the executables" ON)
 option(ENABLE_STRICT_COMPILATION "Sets the strict compilation mode" OFF)
 option(ENABLE_PEDANTIC_COMPILATION "Sets the pedantic compilation mode" OFF)
 option(ENABLE_DEBUG_WINDOW_LAYOUT "Add the debug option to allow the generation of debug layout files in dot format" OFF)

SConstruct

@@ -56,7 +56,7 @@ opts.AddVariables(
     BoolVariable('enable_lto', 'Whether to enable Link Time Optimization for build=release', False),
     ('arch', 'What -march option to use for build=release, will default to pentiumpro on Windows', ""),
     ('opt', 'override for the build\'s optimization level', ""),
-    BoolVariable('harden', 'Whether to enable options to harden the executables', False),
+    BoolVariable('harden', 'Whether to enable options to harden the executables', True),
     BoolVariable('glibcxx_debug', 'Whether to define _GLIBCXX_DEBUG and _GLIBCXX_DEBUG_PEDANTIC for build=debug', False),
     EnumVariable('profiler', 'profiler to be used for build=profile', "gprof", ["gprof", "gcov", "gperftools", "perf"]),
     EnumVariable('pgo_data', 'whether to generate profiling data for PGO, or use existing profiling data', "", ["", "generate", "use"]),