release: Add security/export checks to gitian and fix current failures

- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports

For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109

- add check-symbols and check-security make targets

These are not added to the default checks because some of them depend on
release-build configs.

- always link librt for glibc back-compat builds

glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.

Fixes #7420

- add security/symbol checks to gitian

Github-Pull: #7424
Rebased-From: cd27bf51e0 475813ba5b f3d3eaf78e a8ce872118 a81c87fafc

Makefile.am

@@ -26,6 +26,9 @@ OSX_QT_TRANSLATIONS = da,de,es,hu,ru,uk,zh_CN,zh_TW
 
 DIST_DOCS = $(wildcard doc/*.md) $(wildcard doc/release-notes/*.md)
 
+BIN_CHECKS=$(top_srcdir)/contrib/devtools/symbol-check.py \
+           $(top_srcdir)/contrib/devtools/security-check.py
+
 WINDOWS_PACKAGING = $(top_srcdir)/share/pixmaps/bitcoin.ico \
   $(top_srcdir)/share/pixmaps/nsis-header.bmp \
   $(top_srcdir)/share/pixmaps/nsis-wizard.bmp \
@@ -213,7 +216,7 @@ endif
 
 dist_noinst_SCRIPTS = autogen.sh
 
-EXTRA_DIST = $(top_srcdir)/share/genbuild.sh qa/pull-tester/rpc-tests.py qa/rpc-tests $(DIST_DOCS) $(WINDOWS_PACKAGING) $(OSX_PACKAGING)
+EXTRA_DIST = $(top_srcdir)/share/genbuild.sh qa/pull-tester/rpc-tests.py qa/rpc-tests $(DIST_DOCS) $(WINDOWS_PACKAGING) $(OSX_PACKAGING) $(BIN_CHECKS)
 
 CLEANFILES = $(OSX_DMG) $(BITCOIN_WIN_INSTALLER)