What would you like to be added:
For each binary discovered in the scanned artifact (or if the artifact is a binary) denote the memory protection mechanisms being used (e.g. stack canaries, nx, relro, etc). This would be extra metadata attached to each file object (not package) that denotes the specific properties of interest.
Why is this needed:
This may be useful for folks that are trying to use SBOMs as a way to ensure that memory-safe practices are being followed and better figure a risk posture (without needing access to the original artifact for common cases).
I've crafted a PoC PR in #2443; however, there is still one missing element (selfrando) and a few more housekeeping tasks left. I won't be able to pick this up for a while, but for anyone interested in taking this across the finish line please shout out here to coordinate 🙏.
(From a conversation with @joshbressers)
Additional context:
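An added example, not code from this issue, its linked PR or the project itself: a small Go program that uses the standard library's `debug/elf` package to derive the kind of per-file metadata described above (NX from `PT_GNU_STACK`, partial/full RELRO from `PT_GNU_RELRO` plus a `BIND_NOW` dynamic entry, stack canaries from references to `__stack_chk_fail`, PIE from `ET_DYN`). The `Hardening` type, the function names and the in-memory ELF image built by `BuildSampleELF` are assumptions made for this example; selfrando, the element the PoC still lacks, is not attempted here either.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"io"
	"os"
	"strings"
)

// Hardening is the per-file metadata a scanner could attach to each binary
// (name and fields are assumptions for this example, not the project's schema).
type Hardening struct {
	NX     bool   // PT_GNU_STACK present and not marked executable
	RELRO  string // "none", "partial" (PT_GNU_RELRO) or "full" (plus BIND_NOW)
	Canary bool   // references __stack_chk_fail, i.e. built with -fstack-protector
	PIE    bool   // e_type == ET_DYN; note that shared libraries also match this
}

// Analyze parses an ELF image and reports which protections it carries.
func Analyze(r io.ReaderAt) (Hardening, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return Hardening{}, err
	}
	h := Hardening{RELRO: "none", PIE: f.Type == elf.ET_DYN}
	for _, p := range f.Progs {
		switch p.Type {
		case elf.PT_GNU_STACK:
			// Without this header the loader may leave the stack executable,
			// so only an explicit non-executable GNU_STACK counts as NX.
			h.NX = p.Flags&elf.PF_X == 0
		case elf.PT_GNU_RELRO:
			h.RELRO = "partial"
		}
	}
	// Full RELRO additionally needs BIND_NOW so the GOT is fully resolved
	// before the loader makes it read-only.
	if h.RELRO == "partial" && bindNow(f) {
		h.RELRO = "full"
	}
	h.Canary = referencesCanary(f)
	return h, nil
}

// bindNow walks .dynamic by hand (portable across Go versions) looking for
// DT_BIND_NOW, DT_FLAGS with DF_BIND_NOW, or DT_FLAGS_1 with DF_1_NOW.
func bindNow(f *elf.File) bool {
	const df1Now = 0x1 // DF_1_NOW
	ds := f.SectionByType(elf.SHT_DYNAMIC)
	if ds == nil {
		return false
	}
	data, err := ds.Data()
	if err != nil {
		return false
	}
	entSize := 16
	if f.Class == elf.ELFCLASS32 {
		entSize = 8
	}
	for len(data) >= entSize {
		var tag, val uint64
		if f.Class == elf.ELFCLASS32 {
			tag, val = uint64(f.ByteOrder.Uint32(data[0:4])), uint64(f.ByteOrder.Uint32(data[4:8]))
		} else {
			tag, val = f.ByteOrder.Uint64(data[0:8]), f.ByteOrder.Uint64(data[8:16])
		}
		data = data[entSize:]
		switch elf.DynTag(tag) {
		case elf.DT_NULL:
			return false
		case elf.DT_BIND_NOW:
			return true
		case elf.DT_FLAGS:
			if elf.DynFlag(val)&elf.DF_BIND_NOW != 0 {
				return true
			}
		case elf.DT_FLAGS_1:
			if val&df1Now != 0 {
				return true
			}
		}
	}
	return false
}

// referencesCanary checks both dynamic imports and the static symbol table,
// so statically linked binaries are covered as well.
func referencesCanary(f *elf.File) bool {
	if imps, err := f.ImportedSymbols(); err == nil {
		for _, s := range imps {
			if s.Name == "__stack_chk_fail" {
				return true
			}
		}
	}
	if syms, err := f.Symbols(); err == nil {
		for _, s := range syms {
			if strings.HasPrefix(s.Name, "__stack_chk_fail") {
				return true
			}
		}
	}
	return false
}

// BuildSampleELF constructs a minimal ELF64 image in memory (constructed test
// data, not a real binary) carrying only the program headers needed to
// exercise the NX, RELRO and PIE checks.
func BuildSampleELF(nx, relro, pie bool) []byte {
	stackFlags := uint32(elf.PF_R | elf.PF_W)
	if !nx {
		stackFlags |= uint32(elf.PF_X)
	}
	progs := []elf.Prog64{{Type: uint32(elf.PT_GNU_STACK), Flags: stackFlags, Align: 16}}
	if relro {
		progs = append(progs, elf.Prog64{Type: uint32(elf.PT_GNU_RELRO), Flags: uint32(elf.PF_R), Align: 1})
	}
	hdr := elf.Header64{Type: uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64), Version: 1,
		Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: uint16(len(progs)), Shentsize: 64}
	if pie {
		hdr.Type = uint16(elf.ET_DYN)
	}
	copy(hdr.Ident[:], []byte{0x7f, 'E', 'L', 'F', byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)})
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, hdr)
	for _, p := range progs {
		binary.Write(&buf, binary.LittleEndian, p)
	}
	return buf.Bytes()
}

func main() {
	var r io.ReaderAt = bytes.NewReader(BuildSampleELF(true, true, true))
	if len(os.Args) > 1 { // analyze a real file when a path is given
		f, err := os.Open(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		defer f.Close()
		r = f
	}
	h, err := Analyze(r)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("%+v\n", h)
}
```

Run it with a path (`go run main.go /path/to/binary`) to report on a real ELF file; without an argument it reports on the constructed sample, which has no `.dynamic` or symbol sections and so can at most reach partial RELRO with no canary. A scanner attaching this to file objects would want to record the absence of a section explicitly rather than conflating "no `.dynamic`" with "no `BIND_NOW`".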