cmd/link: add option to enable full RELRO for ELF

-bindnow linker option enables full RELRO on ELF targets.

This options defaults to false and preserves
current behavior - partial relro for buildmode=pie.

Also, the following changes were made to align
internal linker's behavior with external ELF linkers:
- GNU_RELRO segment is marked Read-only
- .dynamic is a relro section for partial and full RELRO
- .got is a relro section for partial and full RELRO
- .got.plt is a relro section for full RELRO only

Supersedes #45681 (golang.org/cl/312509)

Change-Id: I51c4ef07b14beceb7cd6fd989f323e45f89a63ca
GitHub-Last-Rev: bc68264410
GitHub-Pull-Request: golang/go#58869
Reviewed-on: https://go-review.googlesource.com/c/go/+/473495
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Run-TryBot: Cherry Mui <cherryyz@google.com>
Reviewed-by: Than McIntosh <thanm@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/cmd/link/internal/ld/lib.go

@@ -1599,12 +1599,16 @@ func (ctxt *Link) hostlink() {
 	}
 
 	var altLinker string
-	if ctxt.IsELF && ctxt.DynlinkingGo() {
-		// We force all symbol resolution to be done at program startup
+	if ctxt.IsELF && (ctxt.DynlinkingGo() || *flagBindNow) {
+		// For ELF targets, when producing dynamically linked Go code
+		// or when immediate binding is explicitly requested,
+		// we force all symbol resolution to be done at program startup
 		// because lazy PLT resolution can use large amounts of stack at
 		// times we cannot allow it to do so.
 		argv = append(argv, "-Wl,-z,now")
+	}
 
+	if ctxt.IsELF && ctxt.DynlinkingGo() {
 		// Do not let the host linker generate COPY relocations. These
 		// can move symbols out of sections that rely on stable offsets
 		// from the beginning of the section (like sym.STYPE).