MSFT: 49941670 - Enable Spectre mitigations and CET Shadow Stack

Why is this change being made?

In-proc WME binaries have the following BinSkim errors:

Addressed BA2024.EnableSpectreMitigations errors by setting the /Qspectre compiler option and linking against the Spectre-mitigated runtime libraries
- vcvars.bat currently uses the wrong path for OneCore Spectre-mitigated libraries. I filed vcvars.bat uses the wrong path for OneCore Spectre-mitigated libraries - Developer Community (visualstudio.com) and added a workaround in BuildFFmpeg.ps1.
- FFmpegConfig.sh sets the -QSpectre option for --extra-cflags to enable Spectre mitigations for the FFmpeg binaries. However, --extra-cflags options also get passed to the ARM assembler and -QSpectre causes an A2029 (unknown command-line argument) error for ARM/ARM64 builds. To work around this, I updated BuildFFmpeg.ps1 to modify FFmpeg's configure script to have armasm_flags() filter out -Q* options.
Addressed BA2025.EnableShadowStack errors by setting the /CETCOMPAT linker option (only applicable to x86 and x64)
Updated BuildFFmpeg.ps1 to restore the original environment state after the FFmpeg build to address issues with building FFmpeg for different architectures in the same PowerShell instance

I ran BinSkim on the FFmpegInterop/FFmpeg binaries and verified that no BA2024.EnableSpectreMitigations or BA2025.EnableShadowStack errors are reported.
- The FFmpeg binaries still have BA2007.EnableCriticalCompilerWarnings errors, but I consider those to be external/by design as FFmpeg's configure script explicitly disables some warnings when compiling with MSVC.
I validated the following scenarios:
- Ogg playback in MediaPlayerCPP
- Ogg playback in Media Player with in-proc WME