some staticExecs should check the exit code

[ee7]

Example

1. Download a source archive for chalk
2. Extract it
3. cd to the extracted location
4. Run nimble build

This is relevant for packaging chalk - see https://github.com/crashappsec/internal_tickets/issues/138.

Expected behavior

The build succeeds, and chalk is fully functional. In particular, a chalk insert should insert a chalk mark that contains the git commit ref from which chalk was built, like:

"COMMIT_ID": "e50885d33aa5e66fc75cb8e8f133c2159c6d052a",

Observed behavior

The build succeeds, but then a chalk insert inserts a chalk mark with a bad COMMIT_ID value, which contains an error message instead of a commit ref.

The chalk version output has the same issue:

$ chalk version | grep commit
 ┊ Commit ID      ┊ fatal: not a git repository [etc]    ┊

Diagnosis

We have some staticExec that silently use the command's output even when the command indicates an error:

chalk/src/chalk_common.nim

Lines 362 to 364 in cf9ebf8

	commitID* = staticexec("git rev-parse HEAD")
	archStr* = staticexec("uname -m")
	osStr* = staticexec("uname -o")

chalk/src/attestation.nim

Lines 13 to 14 in cf9ebf8

	attestationObfuscator = staticExec(
	"dd status=none if=/dev/random bs=1 count=16 | base64").decode()

These should use gorgeEx, or some wrapper around that.