Problem:
Our fuzz tests are very old and can't be compiled under modern versions of Clang (libFuzzer). While we seem to be using a relatively modern version of Clang in our CI fuzz tests, the actual fuzzer that we link against looks to be quite old.
Solution:
Brittle Linking
When trying to build locally, the first error encountered is:
clang-15: error: no such file or directory: '../../fuzz_dependencies/lib/libFuzzer.a'
This is because we manually locate the libFuzzer dependency. That is not necessary and overly brittle.
We should instead link against the fuzzer by specifying -fsanitize=fuzzer.
Fortify Source Conflicts
Our fuzz tests are compiled without optimization (-O0), but this doesn't seem to work with modern builds:
/usr/include/features.h:412:4: error: _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror,-W#warnings]
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
^
PC Guard
The above steps are enough to compile the tests successfully, but when attempting to run them the following error is encountered:
-pc-guard is no longer supported by libFuzzer.
Please either migrate to a compiler that supports -fsanitize=fuzzer
or use an older version of libFuzzer
FAILED tests, test/sec, 0 features covered
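The three build problems above (hand-located libFuzzer.a, -O0 conflicting with _FORTIFY_SOURCE, and the retired -pc-guard instrumentation) all go away once the target is built the way current libFuzzer expects: let -fsanitize=fuzzer supply the runtime and instrumentation, and compile with at least -O1. The harness below is an added example, not code from this project or this issue; it fuzzes a small length-prefixed record parser that is constructed for the example (the parse_records function and its tag/length/payload layout are assumptions, not anything from the repository). Build it with the invocation in the header comment, and the resulting binary links and runs without any fuzz_dependencies directory.

```c
// Minimal libFuzzer target. Build (assumed invocation, matching the fixes
// discussed in this issue):
//
//   clang -g -O1 -fno-omit-frame-pointer -fsanitize=fuzzer,address harness.c -o harness
//   ./harness corpus_dir
//
// -fsanitize=fuzzer links libFuzzer's runtime (which provides main()) and
// turns on the SanitizerCoverage instrumentation it needs, so no manual
// libFuzzer.a path and no -fsanitize-coverage=...pc-guard flags are required.
// -O1 (rather than -O0) satisfies the _FORTIFY_SOURCE requirement for -O.
#include <stddef.h>
#include <stdint.h>
#include <string.h>

// Record layout (constructed for this example, not a project format):
//   byte 0: tag, byte 1: payload length (0..255), then the payload.
// Returns the number of records parsed, or -1 if the input is malformed.
int parse_records(const uint8_t *data, size_t size) {
    uint8_t payload[256];  // length is a single byte, so 256 always fits
    int count = 0;
    size_t i = 0;

    // Need a full two-byte header before reading a record.
    while (i + 2 <= size) {
        uint8_t tag = data[i];
        size_t len = data[i + 1];
        (void)tag;  // a real parser would dispatch on the tag

        // Bounds check: the payload must lie entirely inside the input.
        if (i + 2 + len > size) {
            return -1;
        }
        memcpy(payload, data + i + 2, len);
        i += 2 + len;
        count++;
    }

    // Leftover bytes that do not form a complete header are malformed.
    return (i == size) ? count : -1;
}

// libFuzzer entry point: every generated input goes through the parser.
// ASan catches any out-of-bounds read/write; the return value must be 0.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    parse_records(data, size);
    return 0;
}
```

Because -fsanitize=fuzzer provides main(), the file deliberately defines none; the same object can be linked into an alternate driver (for example for crash reproduction) by a build that omits that flag and supplies its own main() calling LLVMFuzzerTestOneInput on a file's contents.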
Further Errors
There may be additional errors. I stopped my debugging here because it was enough for me to address the failing fuzz build for #4399.
Requirements / Acceptance Criteria:
Fuzz tests should be run with >= Clang 17 and a similarly new libFuzzer.
Out of scope:
I'd love to see our fuzz tests moved to CMake, but that isn't a strict requirement.