BinSkim warnings from NativeAOT Linux binaries

[jkotas]

Running binskim on Linux NativeAOT binary produces:

HelloWorld: error BA3001: PIE disabled on executable 'HelloWorld'.  This means the code section will always be loaded to the same address, even if ASLR is enabled in the Linux kernel.  To address this, ensure you are compiling with '-fpie' when using clang/gcc.
HelloWorld: error BA3002: Stack on 'HelloWorld' is executable, which means that an attacker could use it as a place to store attack shellcode.  Ensure you are compiling with '-z noexecstack' to mark the stack as non-executable.
HelloWorld: error BA3004: 'HelloWorld' is using debugging dwarf version '4'. The dwarf version 5 contains more information and should be used. To enable the debugging version 5 use '-gdwarf-5'.
HelloWorld: error BA3006: The non-executable stack is not enabled for this binary, so 'HelloWorld' can have a vulnerability of execution of the data written on the stack. Ensure you are compiling with the flag '-z noexecstack' to address this.
HelloWorld: error BA3011: The BIND_NOW flag is missing from this binary, so relocation sections in 'HelloWorld' will not be marked as read only after the binary is loaded.  An attacker can overwrite these to redirect control flow.  Ensure you are compiling with the compiler flags '-Wl,z,now' to address this.