Add -Wformat -Wformat-security to the list of compile flags.
This was not as straight forward as expected. Specifically, adding the
new flag to CFLAGS in did not work and was causing
compiler warnings. For instance, compiling memcheck/tests/execve2.c will
generate a -Wnonnull warning even though the testcase is explicitly
compiled with -Wno-nonnull. The reason is that (a) -Wformat is implied by
-Wnonnull and (b) the list of compiler flags gets assembled in the wrong
order. The culprit appears to be that we modify CFLAGS in and
that really is not the right place. Conceptually, configure should determine
tool-chain capabilities and not assemble compiler flags. That should be done
in Makefiles. This patch entangles all this.

So, whatever was added to CFLAGS in has now been moved to and Those are:
Note, that this change allows us to simplify which
in the past was disabling some of those flags (e.g. by adding -Wno-cast-qual
In case of the clang compiler, extra command line options are needed. I've
moved those into a separate 'if COMPILER_IS_CLANG' section and not merge
them into baseline flags.

Related to BZ 334727.

