Add Control Flow Guard support

[alvinhochun]

Adds the option to build with Control Flow Guard support. This is disabled by default and currently only enabled for the scheduled GitHub Actions build because it requires latest LLVM 16 and mingw-w64. We should change the default to enabled for the next release.

Closes #301

[mstorsjo]

Looking extremely good overall, thanks! I've only got a couple minor details to discuss.

[alvinhochun]

Thanks, I have addressed the comments. Let's wait and see how the actions https://github.com/alvinhochun/llvm-mingw/actions/runs/3158626818 and https://github.com/alvinhochun/llvm-mingw/actions/runs/3158634041 go.

[mstorsjo]

Thanks, I have addressed the comments. Let's wait and see how the actions https://github.com/alvinhochun/llvm-mingw/actions/runs/3158626818 and https://github.com/alvinhochun/llvm-mingw/actions/runs/3158634041 go.

Thanks! Can you kick off another actions run, with a branch on top of this which bumps llvm/mingw to versions that support it, and which enables it by default even for non-scheduled runs, to see it in action?

[alvinhochun]

Thanks, I have addressed the comments. Let's wait and see how the actions https://github.com/alvinhochun/llvm-mingw/actions/runs/3158626818 and https://github.com/alvinhochun/llvm-mingw/actions/runs/3158634041 go.

Thanks! Can you kick off another actions run, with a branch on top of this which bumps llvm/mingw to versions that support it, and which enables it by default even for non-scheduled runs, to see it in action?

https://github.com/alvinhochun/llvm-mingw/actions/runs/3158634041 does use the latest versions of llvm and mingw-w64 (the get-versions version check is enabled) and has cfguard enabled.

[mstorsjo]

Thanks, I have addressed the comments. Let's wait and see how the actions https://github.com/alvinhochun/llvm-mingw/actions/runs/3158626818 and https://github.com/alvinhochun/llvm-mingw/actions/runs/3158634041 go.

Thanks! Can you kick off another actions run, with a branch on top of this which bumps llvm/mingw to versions that support it, and which enables it by default even for non-scheduled runs, to see it in action?

https://github.com/alvinhochun/llvm-mingw/actions/runs/3158634041 does use the latest versions of llvm and mingw-w64 (the get-versions version check is enabled) and has cfguard enabled.

These test runs seem to have run successfully - so, I guess there's nothing left stopping this from getting merged then?

[alvinhochun]

These test runs seem to have run successfully - so, I guess there's nothing left stopping this from getting merged then?

Not from me!

[mstorsjo]

These test runs seem to have run successfully - so, I guess there's nothing left stopping this from getting merged then?

Not from me!

Great! I did some extra test runs with Wine (with run-tests.sh tweaked to actually run the failure tests there too), and it worked as expected (check_enabled indicated that it wasn't enabled and skipped the rest), so this looks good to go to me. Thanks!