Also added hardening flags. We can't enable PIE because i3bar seems to have problems with that. We also shouldn't enable bindnow, as it the startup performance penalty (though probably not too bad) might not be acceptable for i3-msg and i3-input.