guix: build GCC with --enable-standard-branch-protection

To enable Branch Target Identification Mechanism and Return
Address Signing by default at configure time use the
`--enable-standard-branch-protection` option.

This is equivalent to having `-mbranch-protection=standard` during
compilation. This can be explicitly disabled during compilation
by passing the `-mbranch-protection=none` option which turns off
all types of branch protections.

See:
https://gcc.gnu.org/install/specific.html#aarch64-x-x
pull/29695/head
fanquake 9 months ago
parent 71b63195b3
commit 7850c5fe20
No known key found for this signature in database
GPG Key ID: 2EEB9F5CC09526C1

@ -423,6 +423,7 @@ inspecting signatures in Mach-O binaries.")
(list "--enable-initfini-array=yes",
"--enable-default-ssp=yes",
"--enable-default-pie=yes",
"--enable-standard-branch-protection=yes",
building-on)))
((#:phases phases)
`(modify-phases ,phases
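Review bot: The new `"--enable-standard-branch-protection=yes"` entry sits in the configure flag list unconditionally, next to `--enable-default-ssp=yes` and `--enable-default-pie=yes`, while the documentation linked in the commit message is the AArch64-specific section of the GCC install notes. Consider adding a short comment on that line saying the option only matters for aarch64 targets, and confirm that GCC's configure accepts it without error for the other targets built from this same list. The commit message also notes that `-mbranch-protection=none` turns the protection back off at compile time, so it is worth checking that no later flags in the build pass that option and silently undo the new default.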
