Description
The Linux kernel and glibc have supported CET shadow stacks since early 2024 (Linux Kernel 6.6, glibc 2.39). The feature is currently off by default, but can be enabled via a glibc tunable. It would be nice if greenlet also supported it. Since it uses a custom stack switching routine, it is currently not compatible with shadow stacks.
Some distributions (e.g. Arch Linux) compile packages (including Python) automatically with shadow stack support (compiler flag: -fcf-protection). Since Python is built with this flag, installing/building this package on such a distro currently leads to the shared library reporting shadow stack support and then crashing when returning from a routine if shadow stacks are enabled (downloading the package from PyPI is still fine and works).
To enable Shadow Stacks in permissive mode with glibc (meaning it will be disabled if any loaded library does not advertise support):
export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK:glibc.cpu.x86_shstk=permissive
To reproduce, one can perform the following on such a distro, and the result would be a segmentation fault:
git clone https://github.com/python-greenlet/greenlet.git
python -m venv venv
source venv/bin/activate
pip install ./greenlet/
export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK:glibc.cpu.x86_shstk=permissive
python test.py
test.py:
import greenlet
f = lambda : print("Hello World!")
greenlet.greenlet(f).switch()
print("Hello World again!")
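
An added example (not part of the original issue and not greenlet's code): a Python check for whether an x86-64 ELF file advertises shadow stack support, by reading the GNU_PROPERTY_X86_FEATURE_1_AND property from its GNU property note. This is useful for auditing which built shared libraries carry the SHSTK marking. The function names are hypothetical, and `_sample_elf` builds a constructed minimal image so the block runs offline.

```python
import struct
import sys
from pathlib import Path

PT_NOTE, PT_GNU_PROPERTY = 4, 0x6474E553
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_1_IBT, FEATURE_1_SHSTK = 0x1, 0x2

def _up(n, align):  # round n up to a multiple of align (a power of two)
    return (n + align - 1) & ~(align - 1)

def x86_feature_1(elf):
    """Return the GNU_PROPERTY_X86_FEATURE_1_AND bits of an ELF64 LE image, 0 if absent."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    e_phoff, e_phentsize, e_phnum = struct.unpack_from("<Q14xHH", elf, 0x20)
    for i in range(e_phnum):
        p_type, _, p_off, _, _, p_filesz, _, p_align = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type not in (PT_NOTE, PT_GNU_PROPERTY):
            continue
        align = 8 if p_align == 8 else 4       # property notes are 8-byte aligned
        pos, end = p_off, p_off + p_filesz
        while pos + 12 <= end:                 # walk the notes in this segment
            namesz, descsz, ntype = struct.unpack_from("<III", elf, pos)
            desc = _up(pos + 12 + namesz, align)
            if ntype == NT_GNU_PROPERTY_TYPE_0 and elf[pos + 12:pos + 12 + namesz] == b"GNU\0":
                q = desc
                while q + 8 <= desc + descsz:  # walk the properties in this note
                    pr_type, pr_datasz = struct.unpack_from("<II", elf, q)
                    if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz >= 4:
                        return struct.unpack_from("<I", elf, q + 8)[0]
                    q = _up(q + 8 + pr_datasz, 8)
            pos = _up(desc + descsz, align)
    return 0

def _sample_elf(features):
    """Constructed minimal ELF64 image with one property note (sample input, not a real library)."""
    prop = struct.pack("<III4x", GNU_PROPERTY_X86_FEATURE_1_AND, 4, features)
    note = struct.pack("<III4s", 4, len(prop), NT_GNU_PROPERTY_TYPE_0, b"GNU\0") + prop
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_PROPERTY, 4, 120, 0, 0, len(note), len(note), 8)
    return ehdr + phdr + note

if __name__ == "__main__":
    for path in sys.argv[1:]:
        bits = x86_feature_1(Path(path).read_bytes())
        print(path, "SHSTK" if bits & FEATURE_1_SHSTK else "no SHSTK")
```

Run it with the paths of the built extension modules as arguments; a file that prints `SHSTK` is one that advertises shadow stack support.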