build: enable PIE when compiling Linux builds, fix #14961. (#15152)

PIE allows an application to utilize the full benefits of ASLR
to prevent itself from exploitations, but it was disabled for
all released versions of Electron (3.0 and prior).

Currently, PIE is already enabled since 9294fac but enabling it
for all released version is still an ongoing work (#14961). This
patch backports PIE to the 3.0.x branch.

Signed-off-by: Tom Li <tomli@tomli.me>

brightray/brightray.gyp

@@ -84,6 +84,8 @@
           },
           'cflags': [
             '<!@(<(pkg-config) --cflags <(linux_system_libraries))',
+            # Needed for PIE
+            '-fPIC',
           ],
           'direct_dependent_settings': {
             'cflags': [

common.gypi

@@ -263,6 +263,7 @@
           ['OS=="linux"', {
             'cflags': [
               '-Wno-empty-body',
+              '-fPIC',
             ],
           }],  # OS=="linux"
           ['OS=="win"', {

electron.gyp

@@ -253,6 +253,16 @@
               ],
             },
           ],
+          'link_settings': {
+            'ldflags': [
+              # Build as Position-Independent Executable to mitigate exploitations.
+              '-pie',
+            ],
+          },
+          'cflags_cc': [
+            # Needed for PIE
+            '-fPIC',
+          ]
         }],  # OS=="linux"
       ],
     },  # target <(project_name)
@@ -441,6 +451,7 @@
           # Required settings of using breakpad.
           'cflags_cc': [
             '-Wno-empty-body',
+            '-fPIC',
           ],
           'include_dirs': [
             'vendor/breakpad/src',