coreos-kernel: more security option updates

- Enable RANDOMIZE_BASE, hopefully Xen is ok with this now.
 - Disable HIBERNATE/KEXEC_JUMP, we don't need these features.
 - Fix RO/NX settings in the arm64 kernel.

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/amd64_defconfig-4.2

@@ -93,11 +93,10 @@ CONFIG_KEXEC_FILE=y
 CONFIG_KEXEC_VERIFY_SIG=y
 CONFIG_KEXEC_BZIMAGE_VERIFY_SIG=y
 CONFIG_CRASH_DUMP=y
-CONFIG_KEXEC_JUMP=y
+CONFIG_RANDOMIZE_BASE=y
 CONFIG_PHYSICAL_ALIGN=0x1000000
 CONFIG_CMDLINE_BOOL=y
 CONFIG_CMDLINE="rootflags=rw mount.usrflags=ro"
-CONFIG_HIBERNATION=y
 # CONFIG_ACPI_AC is not set
 # CONFIG_ACPI_BATTERY is not set
 CONFIG_ACPI_BUTTON=m

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/arm64_defconfig-4.2

@@ -228,7 +228,9 @@ CONFIG_SCHEDSTATS=y
 # CONFIG_DEBUG_PREEMPT is not set
 CONFIG_DEBUG_CREDENTIALS=y
 # CONFIG_FTRACE is not set
+CONFIG_DEBUG_SET_MODULE_RONX=y
 CONFIG_DEBUG_RODATA=y
+CONFIG_DEBUG_ALIGN_RODATA=y
 CONFIG_SECURITY=y
 CONFIG_CRYPTO_ANSI_CPRNG=y
 CONFIG_ARM64_CRYPTO=y