Support for CET-enforced CFI/shadow stacks

[woodruffw]

Windows is adding hardware-backed stack protection via Intel's CET:

• https://techcommunity.microsoft.com/t5/windows-kernel-internals/understanding-hardware-enforced-stack-protection/ba-p/1247815

It looks like the relevant linker flag is /CETCOMPAT:

• https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=vs-2017

We should figure out which bit that flag sets in the DLL characteristics/load config and support it.

[woodruffw]

Looks like getting this information will be a little annoying: it's stored in the "extended DLL characteristics", which are an entry of type IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS=20 in the debug data directory entry vector.

In other words, we'll need to:

• Grab the debug data directory entry vector via DIR_DEBUG
• Walk it until we find an entry of type IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS
• Check its data for the bitmask IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT (0x0001)

We could do this manually with the current pe-parse API, but it's probably also well-suited for a high-level API change (e.g. IterDebug).

[woodruffw]

I'm going to push this to 2.1, since the right way to do it is with some pe-parse changes.