Actions: create a `Lint` action that catches common silent build mistakes

[woodruffw]

This would be a nice feature advertisement for blight's functionality.

Some things we could lint for:

• -DFORTIFY_SOURCE instead of -D_FORTIFY_SOURCE: the former is a no-op, meaning that the user's expected fortifications are not actually compiled in.
• -D_FORTIFY_SOURCE without -O or higher: fortification doesn't work with -O0.
• Flags that disable baseline mitigations (-fno-stack-protector, -z execstack, others?)

H/T for @disconnect3d for the idea + initial lint ideas.

[disconnect3d]

Fwiw:

• -z noexecstack works while -z noexecstackLOL will only say: /usr/bin/ld: warning: -z noexecstackLOL ignored. but will pass; same for -Wl,-z,noexecstackLOL