configure: Raise FORTIFY_SOURCE level to 3

[zdohnal]

GCC supports level 3 for some time, try using it.

[michaelrsweet]

Need to test whether level 3 works before using it.

[michaelrsweet]

FWIW, macOS would allow a value of 3 but doesn't do anything different from 2.

[michaelrsweet]

Info about what level 3 does is here

I'm not sure whether the CI infrastructure supports level 3 - have you run:

./configure --enable-debug --disable-shared
make
make test

on a system that supports it?

[zdohnal]

Ok, interesting - if I use --enable-debug --disable-shared I can't compile due (regardless of FORTIFY_SOURCE patch):

Linking ippevepcl...
/usr/bin/ld: ippevepcl.o: relocation R_X86_64_32 against `.rodata' can not be used when making a PIE object; recompile with -fPIE

Adding -fPIC into CFLAGS fixes it (on contrary to the message)... but in cups-sharedlibs.m4 we set PICFLAG to 0 if --disable-shared is used.

Either way, the compilation goes fine here - I have Fedora 38, where all packages should be built with -D_FORTIFY_SOURCE=3, so gcc supports it and if I build our current master here with the flag, tests pass.

[siddhesh]

Would it be possible to look for presence of _FORTIFY_SOURCE in the flags and then skipping addition if it's already present? That way the flag won't end up overriding distribution flags.

[zdohnal]

Total size with _FORTIFY_SOURCE=3 = 14 634 920
Total size with _FORTIFY_SOURCE=2 = 14 622 368

Time consumption:
_FORTIFY_SOURCE=3:

real	2m10.716s
user	0m11.175s
sys	0m2.953s

_FORTIFY_SOURCE=2:

real	2m10.428s
user	0m10.849s
sys	0m2.999s

So the tests are slightly slower and object files bigger on Fedora 39 with _FORTIFY_SOURCE=3, but IMO it is within acceptable limits.