Ready for the release 0.5.9.

Enable UBSAN_BOUNDS and UBSAN_TRAP.
But keep UBSAN_MISC disabled to avoid useless reports.

In fact, KSPP recommends PAGE_POISONING_ZERO.

In fact HARDEN_EL2_VECTORS was included in RANDOMIZE_BASE in v5.9.
Use new nested ComplexOptChecks for this rule.

Refers to #48.

Thanks, @pgils.

Refers to #48.

Now we can do things like OR(opt1, AND(opt2, opt3)).
Cool!

Refers to #48

CLIP OS wiki and Kees say that BPF interpreter is worse for the kernel
security than BPF_JIT.

So for now I withdraw my recommendation about BPF_JIT.

N.B. LOCKDOWN disables BPF_SYSCALL, but not BPF_JIT.

Ready for release 0.5.7

CONFIG_X86_IOPL_IOPERM is also disabled by kernel lockdown

Refers the issue #45

(done while solving the issue #45)

Let's fold the alternative options --debug and --json into --mode parameter:
  -m {verbose,json}, --mode {verbose,json}
  			choose the report mode

That also allows to get rid of 'debug_mode' and 'json_mode' globals.

This work is a prerequisite of solving the issue #45.

That makes the code style much better.

Side note: I was thinking a lot about storing the checking rules
separately in some file format. Finally I decided not to do that because:
 - I want avoid additional parsing (these rules are static anyway);
 - the rules include a lot of special cases and exceptions, which
don't look pretty in any format.