project-lakitu: Use _FORTIFY_SOURCE=3 in kernel compiler flags

Latest versions of glibc, gcc and llvm use _FORTIFY_SOURCE=3 by default, which causes compilation errors when kernel compiler flags use a different value.

BUG=b/349625078
TEST=presubmit
RELEASE_NOTE=None

Change-Id: If3441db1ead4688ff725e79564729e7820a7ddf9
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/75334
Tested-by: RBE-prod-presubmit <service-269995278450@remotebuildexecution.iam.gserviceaccount.com>
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
diff --git a/project-lakitu/eclass/cos-kernel.eclass b/project-lakitu/eclass/cos-kernel.eclass
index 7d2f92e..5028ad4 100644
--- a/project-lakitu/eclass/cos-kernel.eclass
+++ b/project-lakitu/eclass/cos-kernel.eclass
@@ -100,9 +100,9 @@
         # calling memory and string handling functions.
 	if use hardened; then
 		if [ "${ARCH}" == "amd64" ]; then
-			export KCFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fstack-protector-strong"
+			export KCFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=3 -ftrivial-auto-var-init=zero -fstack-protector-strong"
 		else
-			export KCFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fPIE -fsanitize=shadow-call-stack -fstack-protector-strong"
+			export KCFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=3 -ftrivial-auto-var-init=zero -fPIE -fsanitize=shadow-call-stack -fstack-protector-strong"
 		fi
 	fi