Auto merge of #4670 - daira:update-checksec, r=str4d

Update checksec.sh to slimm609/checksec.sh version 2.3.0

To verify against the upstream signature:
```
git clone https://github.com/slimm609/checksec.sh
cd checksec.sh
git checkout a6df608ac077689b2160e521db6601abc7b9e26e
openssl dgst -sha256 -verify checksec.pub -signature checksec.sig ${ZCASH_SRC}/qa/zcash/checksec.sh
```

This version has more thorough Fortify checking (using `--extended --fortify-file=`) and checks specific to Clang-compiled executables.

contrib/debian/copyright

@@ -77,7 +77,9 @@ Copyright: 2008, Steven G. Johnson <stevenj@alum.mit.edu>
 License: GPLv3-or-later-with-Autoconf-exception
 
 Files: qa/zcash/checksec.sh
-Copyright: 2009-2011, Tobias Klein
+Copyright: 2014-2015, Brian Davis
+ 2013, Robin David
+ 2009-2011, Tobias Klein
 License: BSD-3clause-Tobias-Klein
 
 Files: depends/sources/libsodium-*.tar.gz

qa/zcash/full_test_suite.py

@@ -32,7 +32,7 @@ RE_FORTIFY_USED = re.compile('Binary compiled with FORTIFY_SOURCE support.*Yes')
 
 def test_rpath_runpath(filename):
     output = subprocess.check_output(
-        [repofile('qa/zcash/checksec.sh'), '--file', repofile(filename)]
+        [repofile('qa/zcash/checksec.sh'), '--file=' + repofile(filename)]
     )
     if RE_RPATH_RUNPATH.search(output.decode('utf-8')):
         print('PASS: %s has no RPATH or RUNPATH.' % filename)
@@ -44,7 +44,7 @@ def test_rpath_runpath(filename):
 
 def test_fortify_source(filename):
     proc = subprocess.Popen(
-        [repofile('qa/zcash/checksec.sh'), '--fortify-file', repofile(filename)],
+        [repofile('qa/zcash/checksec.sh'), '--fortify-file=' + repofile(filename)],
         stdout=subprocess.PIPE,
     )
     line1 = proc.stdout.readline()