hardened toolchain options via "hardening-wrapper"

[Tollef Fog Heen]

* Kees Cook 

| To perform package builds with the options enabled, a developer needs
| to do two things:
| - install hardening-wrapper (surprise!)
| - set the environment variable DEB_BUILD_HARDENING=1

Any reason why this isn't just «add 'harden' to DEB_BUILD_OPTIONS»?
We already have a standard mechanism for twiddling builds and
supporting that would make sense.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are