Shared Library noexecstack flag

[yuzawa-san]

Is your feature request related to a problem? Please describe.
The onnxruntime shared library is linked without -z noexecstack flag, so the stack is executable as a result. This triggers security warnings specifically when using the Java API, as the JVM's loader emits a warning (but does not outright prevent the loading of the library). Here is an example of what type of warning the JVM makes #2215 (comment)
My environment creates an identical warning.

System information

• ONNX Runtime version (you are using): 1.1.0
• Os: ubuntu linux, but should be reproducible in most linux distros

Describe the solution you'd like
I played around with adding -z noexecstack to end of https://github.com/microsoft/onnxruntime/blob/master/cmake/onnxruntime.cmake#L42 and it seemed to work. However I am not a day to day C/C++ dev, so I do not know the implications of this.

Describe alternatives you've considered
https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks seems to discuss marking inline assembly manually. Once again, I do not know the implications or best practices for this, so I think this issue is a good place to discuss possible solutions.

[yuzawa-san]

@Craigacp was the original Java API developer and found this first.

[Craigacp]

In my testing everything also appeared to work just fine without an executable stack, though I tried it by setting the flag on the built so file, rather than by changing the CMake flags.

[snnn]

Good suggestion. We'll do it.