netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
build: build with -D_FORTIFY_SOURCE=3 if available #6295

Closed kmk3 closed 8 months ago

kmk3 commented 8 months ago

If not, build with -D_FORTIFY_SOURCE=2 if available (this is what is currently done).

Note: -D_FORTIFY_SOURCE=3 is the new default on Arch; see commit 0da23da65 ("build: fix "warning: "_FORTIFY_SOURCE" redefined" (#6283)", 2024-03-20).

This is a follow-up to #6283.

kmk3 commented 8 months ago

Closing for now, as it breaks scan-build in CI:

Log from https://github.com/netblue30/firejail/actions/runs/8435502769/job/23101049462?pr=6295:

scan-build-14 --status-bugs make
scan-build: Using '/usr/lib/llvm-14/bin/clang' for static analysis
make[1]: Entering directory '/home/runner/work/firejail/firejail'
make -C src/lib
make[2]: Entering directory '/home/runner/work/firejail/firejail/src/lib'
/usr/share/clang/scan-build-14/bin/../libexec/ccc-analyzer -ggdb -O2 -DVERSION='"0.9.73"' -Wall -Wextra -W -Werror -Wformat -Wformat-security -fstack-protector-all -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/firejail"' -DLIBDIR='"/usr/lib"' -DBINDIR='"/usr/bin"' -DVARDIR='"/var/lib/firejail"'  -DHAVE_APPARMOR -DHAVE_CHROOT -DHAVE_DBUSPROXY -DHAVE_FILE_TRANSFER  -DHAVE_GLOBALCFG  -DHAVE_LANDLOCK -DHAVE_NETWORK  -DHAVE_OUTPUT  -DHAVE_PRIVATE_HOME  -DHAVE_SELINUX -DHAVE_SUID -DHAVE_USERNS -DHAVE_USERTMPFS -DHAVE_X11 -D_FORTIFY_SOURCE=3 -fstack-clash-protection -fstack-protector-strong  -MMD -MP -fPIE -g -O2  -c ../../src/lib/common.c -o ../../src/lib/common.o
<command-line>: error: "_FORTIFY_SOURCE" redefined [-Werror]
<built-in>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
make[2]: *** [../../src/prog.mk:22: ../../src/lib/common.o] Error 1
make[2]: Leaving directory '/home/runner/work/firejail/firejail/src/lib'
make[1]: *** [Makefile:70: src/lib] Error 2
make[1]: Leaving directory '/home/runner/work/firejail/firejail'
scan-build: Analysis run complete.
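
The idea in the title and the failure in the log above can be combined into one build-time probe. This is an added example, not firejail's build code and not part of the thread. It tries level 3, then level 2, under `-Werror`, and falls back to undefining the macro first when the compiler already predefines it. The function names `try_flags` and `probe_fortify` are made up here.

```shell
#!/bin/sh
# Added example (not firejail's build code): choose the strongest
# _FORTIFY_SOURCE flags that compile without warnings.
# try_flags and probe_fortify are hypothetical helper names.

# try_flags CC FLAGS...: compile a tiny program with -O2 -Werror plus FLAGS.
try_flags() {
    cc=$1; shift
    dir=$(mktemp -d) || return 1
    printf '#include <string.h>\nint main(void) { return 0; }\n' > "$dir/t.c"
    # -O2 is needed: fortification is only active when optimizing.
    if "$cc" -O2 -Werror "$@" -c "$dir/t.c" -o "$dir/t.o" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -rf "$dir"
    return $rc
}

# probe_fortify CC: print the flags to append to CFLAGS; return 1 if none work.
probe_fortify() {
    for level in 3 2; do
        # Plain -D fails with '"_FORTIFY_SOURCE" redefined' under -Werror
        # when the compiler predefines the macro, as in the CI log above.
        if try_flags "$1" "-D_FORTIFY_SOURCE=$level"; then
            echo "-D_FORTIFY_SOURCE=$level"; return 0
        fi
        # Drop the built-in definition first, then set the requested level.
        if try_flags "$1" -U_FORTIFY_SOURCE "-D_FORTIFY_SOURCE=$level"; then
            echo "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=$level"; return 0
        fi
    done
    return 1
}

# Show the result for the local compiler, if there is one.
if command -v "${CC:-cc}" >/dev/null 2>&1; then
    probe_fortify "${CC:-cc}" || echo "no usable _FORTIFY_SOURCE level"
fi
```

The printed flags are meant to be appended to `CFLAGS` in place of a hard-coded `-D_FORTIFY_SOURCE=N`.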