Update config-securedrop with various security settings

[ageis]

I have a lot more security features which I've found/researched and would like to enable, and some of them are likely going to be required for a PR which I have in progress which adds some boot options to the SecureDrop servers cmdline. Unfortunately, most of them are not supported or available in 4.4.x and mostly become available around 4.14. See the link in the commit message for further details: https://github.com/freedomofpress/ansible-role-grsecurity/commit/4ddff9cc911fe367d223ccc0f33f99d0b8d0ba16 Here's the full list if you're curious (some are redundant or resemble grsec/PaX features e.g. memory layout randomization, stack/heap/overflow protection, so it will be fun to see how they interact).

I arrived at these by looking at recommended settings from Linux mainline's kernel hardening team. I then referenced them in the Linux Kernel Driver Database to make sure they were available options in the 4.4 LTS series. I then ran make config on the 4.4.115 source patched with a slightly newer version of grsecurity. So it's a 100% "good" configuration. Just needs testing.

I hope I don't have to waste space justifying or explaining what each option does, I trust you are able to look them up and will comment if there are any questions or concerns.

@conorsch @msheiny

[conorsch]

As with #114, the proper target for these changes is a separate repository. I've taken the liberty of porting the work presented here to https://github.com/freedomofpress/ansible-role-grsecurity-build/pull/34, making sure to preserve authorship information.

Thanks for submitting, @ageis. We'll review over in https://github.com/freedomofpress/ansible-role-grsecurity-build/pull/34