Hardened profiles improvements - 01/01/2023 00:00 GMT

Gentoo's hardened profiles are adopting two new modern toolchain hardening
techniques:
1. Level 3 fortification (-D_FORTIFY_SOURCE=3) [0]
2. libstdc++ assertions (-D_GLIBCXX_ASSERTIONS) [1]

These will both be enabled by default with USE=hardened on sys-devel/gcc
for >=sys-devel/gcc-12.2.1_p20221231.

To view the existing list of hardening changes applied by the profiles,
see the wiki [2].

Stable users may wish to add sys-devel/gcc-12.2.1_p20221231 into
/etc/portage/package.accept_keywords if they wish to take advantage
of these improvements early, before GCC 12 is marked stable.

## Migration

To fully take advantage of these new settings, GCC must first
be upgraded, and then all packages must be re-emerged:
1. # emerge --sync
2. # emerge --verbose --oneshot ">=sys-devel/gcc-12.2.1_p20221231"
3. # gcc-config latest
4. # emerge --verbose --emptytree @world

## Troubleshooting

In the event that some packages fail at runtime, please file a bug
with the full details. To temporarily workaround the problem,
it should be possible to recompile broken packages with the
following *FLAGS:
CFLAGS="$ -D_FORTIFY_SOURCE=2"
CXXFLAGS="$ -D_FORTIFY_SOURCE=2 -U_GLIBCXX_ASSERTIONS"

[0] https://bugs.gentoo.org/876893
[1] https://bugs.gentoo.org/876895
[2] https://wiki.gentoo.org/wiki/Hardened/Toolchain#Changes