Merge bitcoin/bitcoin#29695: guix: build GCC with --enable-standard-branch-protection

7850c5fe20a034438e00f6c12ce51efc6af3a1aa guix: build GCC with --enable-standard-branch-protection (fanquake)

Pull request description:

  This is one change extracted from #24123 (which now produces fully BTI & PAC enabled bins), which will mean that everything in depends, for Guix builds, is compiled using `-mbranch-protection=standard`.

  Turning this on by default, is similar to what we already do with `--enable-default-ssp`, `--enable-default-pie` etc.

  See: https://gcc.gnu.org/install/specific.html#aarch64-x-x

  > To enable Branch Target Identification Mechanism and Return Address Signing by default at configure time use the `--enable-standard-branch-protection` option.

  > This is equivalent to having `-mbranch-protection=standard` during compilation. This can be explicitly disabled during compilation by passing the `-mbranch-protection=none` option which turns off all types of branch protections.

ACKs for top commit:
  TheCharlatan:
    ACK 7850c5fe20a034438e00f6c12ce51efc6af3a1aa

Tree-SHA512: 18f898da27021bab502e708ea5fa9b325352f8f6e23d9488a2a0feda87e0af2ac0e4f87b3af9ad6a9a37bbfc99ab0285de4f0bdc174dcd38163d92c122e958e2

1 files changed, 1 insertions, 0 deletions

diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index 3353c8a874..e24a61bf9d 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -423,6 +423,7 @@ inspecting signatures in Mach-O binaries.")
             (list "--enable-initfini-array=yes",
                   "--enable-default-ssp=yes",
                   "--enable-default-pie=yes",
+                  "--enable-standard-branch-protection=yes",
                   building-on)))
         ((#:phases phases)
           `(modify-phases ,phases