
Feature: conditional hardening, especially for daemons + libraries

Description

So far the build system has not been concerned with run-time hardening
measures the typical toolchains provide (besides the unconditional enforcing
of -fstack-protector-all). Hence make a step in that direction,
enabling the following if available and anticipating more to come:

[$LD -z relro]

  • daemons incl. libs
  • make some parts of Global Offset Table (GOT) read-only

[$CC -fPIE + ld -pie]

  • daemons
  • benefit from Address Space Layout Randomization (ASLR) for code areas

[$LD -z now]

  • daemons incl. libs, only when the former two features are supported
  • all symbols are resolved initially so that the complete GOT is read-only

[$CC -fstack-protector-strong/-fstack-protector-all/-fstack-protector]

  • universal
  • extra run-time checks for buffer overflows
  • NOTE: in case -fstack-protector-strong is supported, this is effectively a weakening of the previously enforced -fstack-protector-all, but note that this variant comes with a not entirely negligible performance penalty [1], making the "strong" variant a reasonable tradeoff for something that is not in the prime line of possible attacks

For details on how to instruct the configure script to do the right
thing (for when the default won't cut it), see the detailed comment
in configure.ac under the "Hardening flags" section.

[1] http://nvlpubs.nist.gov/nistpubs/TechnicalNotes/NIST.TN.1860.pdf

Details

Provenance
Jan Pokorný <jpokorny@redhat.com> Authored on Jun 21 2016, 1:16 PM
Parents
rP9632cd73b758: Refactor: sanitizing touch on makefiles about to receive hardening