fix: add security hardening flags and optimize build settings

1. Added security hardening compilation flags in debian/rules including:
   - Stack protection (-fstack-protector-all)
   - Relocation hardening (-Wl,-z,relro/now/noexecstack)
   - Warning flags (-Wall)
2. Simplified dtkwidget.cmake by removing redundant linker flags
3. Maintained essential security flags while cleaning up build
configuration
4. These changes improve binary security while keeping build process
efficient

fix: 添加安全加固标志并优化构建设置

1. 在debian/rules中添加安全加固编译标志包括：
   - 栈保护 (-fstack-protector-all)
   - 重定位加固 (-Wl,-z,relro/now/noexecstack)
   - 警告标志 (-Wall)
2. 简化dtkwidget.cmake，移除冗余链接器标志
3. 在保持基本安全标志的同时清理构建配置
4. 这些改动在保持构建效率的同时提高了二进制安全性

Author: 18202781743

debian/rules

@@ -3,6 +3,12 @@ DPKG_EXPORT_BUILDFLAGS = 1
 include /usr/share/dpkg/default.mk
 export QT_SELECT = qt5
 
+# 安全编译参数
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+export DEB_CFLAGS_MAINT_APPEND = -Wall
+export DEB_CXXFLAGS_MAINT_APPEND = -Wall
+export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-E
+
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
 
 DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)

dtkwidget.cmake

@@ -89,8 +89,7 @@ if (NOT CMAKE_BUILD_TYPE)
 endif()
 
 if(NOT MSVC)
-  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wall -Wextra")
-  set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,--as-needed")
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wextra")
   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--as-needed -pie")
   if (CMAKE_BUILD_TYPE STREQUAL "Debug")
     set(BUILD_TESTING ON)