BinSkim issue

[danieljurek]

Seeing a BinSkim issue on Windows which blocks some but not all builds. It's possible this could block a release build.

Example build where this is breaking: https://dev.azure.com/azure-sdk/internal/_build/results?buildId=4613193&view=logs&j=12494761-d332-5a1c-a5ee-2bea7198f339&t=1c1415ca-e08f-5ae5-f165-2967bf4ae28d

##[error]2. BinSkim Error BA2009 - File: build-output/azd-windows-amd64.exe.  
Signature: 94307fedca3397ff8099d1d5e4f1da5116f6c47905d344cd0604f27e9c259ba7
Tool: BinSkim: Rule: BA2009 (EnableAddressSpaceLayoutRandomization). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2009EnableAddressSpaceLayoutRandomization
'azd-windows-amd64.exe' is not marked as DYNAMICBASE. This means that the binary is not eligible for relocation by Address Space Layout Randomization (ASLR). ASLR is an important mitigation that makes it more difficult for an attacker to exploit memory corruption vulnerabilities.
To resolve this issue, configure your tools to build with this feature enabled. For C and C++ binaries, add /DYNAMICBASE to your linker command line.
For VC projects use ItemDefinitionGroup - Link - RandomizedBaseAddress property with 'true' value.
For .NET applications, use a compiler shipping with Visual Studio 2008 or later.

[danieljurek]

A possible solution here might be to change https://github.com/Azure/azure-dev/blob/main/cli/azd/ci-build.ps1#L124 to use -buildmode=pie.