Don't add CmdlineChecks in add_kconfig_checks() to avoid wrong results
when the tool doesn't check the cmdline.

A common pattern for checking the 'param_x' cmdline parameter
that __overrides__ the 'PARAM_X_DEFAULT' kconfig option:
  l += [OR(CmdlineCheck(reason, decision, 'param_x', '1'),
           AND(KconfigCheck(reason, decision, 'PARAM_X_DEFAULT_ON', 'y'),
               CmdlineCheck(reason, decision, 'param_x, 'is not set')))]

Here we don't check the kconfig options or minimal kernel version
required for the cmdline parameters. That would make the checks
very complex and not give a 100% guarantee anyway.

Having HARDENED_USERCOPY_FALLBACK disabled is not enough.

The Linux kernel 4.16-4.17 has a weird STACKPROTECTOR configuration:
CC_STACKPROTECTOR_NONE -- stackprotector is disabled;
CC_STACKPROTECTOR_REGULAR -- similar to current STACKPROTECTOR;
CC_STACKPROTECTOR_STRONG -- similar to current STACKPROTECTOR_STRONG;
CC_STACKPROTECTOR_AUTO -- the best stack-protector that compiler provides.
These options are mutually exclusive.

Let's improve the STACKPROTECTOR check:
- Add CC_STACKPROTECTOR_REGULAR as a valid alternative name of this option;
- Add CC_STACKPROTECTOR_STRONG to avoid false negative result;
- Add CC_STACKPROTECTOR_AUTO hoping that it enables at least STACKPROTECTOR.

The STACKPROTECTOR_STRONG check still requires explicit configuration, not
CC_STACKPROTECTOR_AUTO.

Thanks to @izh1979 for the idea

I can't recommend disabling it, because LKDTM is used to test the kernel
hardening features.

But I cant recommend enabling it, because LKDTM contains intentional
memory corruption errors. It's not for production systems.

So let's simply drop the comment about LKDTM.

#68

Use the presence check for slab_nomerge.
Also check that slab_merge is not set.

Reusing "is not set" for CmdlineCheck is a nice hack.

Nice!

populate_with_data() must be called after all checks have been added.

Thanks to the coverage info

And also test the tool without "-l".