Draft: Use proper flags for LIBCPP hardening

• LLVM 18 uses a 'hardened mode' (https://libcxx.llvm.org/Hardening.html). There are several levels of severity available here. I've chosen _LIBCPP_HARDENING_MODE_EXTENSIVE as the strongest-but-one. The strongest one (_DEBUG) doesn't affect ABI still but is reserved for stldebug.
• LLVM 15 uses a similar approach to libstdc++ called '_LIBCPP_ENABLE_ASSERTIONS'
• Note that LLVM 17 while in development had fully deprecated _LIBCPP_ENABLE_ASSERTIONS in favour of hardened, but changed its mind last-minute hence why we had D_LIBCPP_ENABLE_HARDENED_MODE=1

Thanks to Sam James for taking the time to document this mess.

This feature is explained in detail on the latest Google Hug Hunters blogpost