edgexfoundry/edgex-go

Enable security-hardened go binaries (when cgo enabled)

Closed this issue · 0 comments

The following blog post describes Arch Linux's efforts to harden Go binaries.

https://shibumi.dev/posts/hardening-executables/

A cursory look at some of the EdgeX binaries shows that we could do better with RELRO and PIE. RELRO performs dynamic link relocations at the start of execution and then makes the relocation patch table read-only so that it can't be modified by malicious code later. PIE enables randomized virtual memory addresses.

Note: mitigations are different for CGO vs non-CGO binaries.
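
Added example, not part of the original issue and not EdgeX code: a Go check that reads an ELF file's type and program headers to report the two properties named above, PIE and the RELRO level (partial when only a `PT_GNU_RELRO` segment is present, full when immediate binding is also requested). The names `Inspect` and `sample` are hypothetical. It assumes ELF64, treats any `ET_DYN` image as PIE (shared libraries are also `ET_DYN`), and runs on in-memory samples constructed here; for a real binary, pass the result of `elf.Open(path)` to `Inspect`.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
)

// Inspect returns PIE status and RELRO level (none, partial, full) of an ELF64 file.
func Inspect(f *elf.File) (bool, string) {
	pie, relro, now := f.Type == elf.ET_DYN, "none", false // ET_DYN: base can be randomised
	for _, p := range f.Progs {
		if p.Type == elf.PT_GNU_RELRO {
			relro = "partial" // relocation data is remapped read-only after startup
		}
		if p.Type != elf.PT_DYNAMIC || f.Class != elf.ELFCLASS64 {
			continue
		}
		buf := make([]byte, p.Filesz) // entries are (tag, value) pairs of 8-byte words
		n, _ := p.ReadAt(buf, 0)
		for i := 0; i+16 <= n; i += 16 {
			tag, val := elf.DynTag(f.ByteOrder.Uint64(buf[i:])), f.ByteOrder.Uint64(buf[i+8:])
			now = now || tag == elf.DT_BIND_NOW || (tag == elf.DT_FLAGS && val&uint64(elf.DF_BIND_NOW) != 0) ||
				(tag == elf.DynTag(0x6ffffffb) && val&1 != 0) // DT_FLAGS_1 with DF_1_NOW
		}
	}
	if now && relro == "partial" {
		relro = "full" // all relocations resolved at load, so the GOT is covered too
	}
	return pie, relro
}

func sample(t elf.Type, second elf.ProgType, dtFlags uint64) *elf.File { // constructed input, not a real binary
	dyn := make([]byte, 16) // a single DT_FLAGS entry
	binary.LittleEndian.PutUint64(dyn[0:], uint64(elf.DT_FLAGS))
	binary.LittleEndian.PutUint64(dyn[8:], dtFlags)
	return &elf.File{
		FileHeader: elf.FileHeader{Class: elf.ELFCLASS64, ByteOrder: binary.LittleEndian, Type: t},
		Progs: []*elf.Prog{
			{ProgHeader: elf.ProgHeader{Type: elf.PT_DYNAMIC, Filesz: 16}, ReaderAt: bytes.NewReader(dyn)},
			{ProgHeader: elf.ProgHeader{Type: second}}, // PT_GNU_RELRO, or PT_NULL for none
		},
	}
}

func main() {
	fmt.Println(Inspect(sample(elf.ET_EXEC, elf.PT_GNU_RELRO, 0)))
	fmt.Println(Inspect(sample(elf.ET_DYN, elf.PT_GNU_RELRO, uint64(elf.DF_BIND_NOW))))
}
```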