Intel CET hardening needs an opt-out for WebEngine

Since https://codereview.qt-project.org/c/qt/qtbase/+/545848 Intel CET stack protection is on by default for all Qt submodule. Due to a series of unfortunate Windows API design decisions (described below) the feature may not be turned off at runtime, which will lead to crashes when running Qt WebEngine. We could just manually remove the flag in our CMakeFiles, but that's rather ugly; I'd prefer to have a documented way to opt out of the feature instead.

The issue we have arises in the following way:

WebEngine uses child processes to render webpages and execute code within them. The way Chromium's JavaScript engine produces and executes code trips up Intel CET, because it modifies the stack in unexpected ways. This is normally mitigated by passing a flag disabling Intel CET when calling CreateProcess.

Unfortunately, this flag can only be passed when the application has a .manifest file declaring support for Windows 10; by default, applications without a manifest can only use Windows APIs for Windows 8 and below. So the flag is not passed to CreateProcess(), and Windows then checks if the WebEngine DLL is compiled with -CETCOMPAT (which it is), and enables stack protection, leading to a crash. As a result, the first thing a Windows developer who's just started a new WebEngine application will see is an immediate render process crash.

We've discussed this internally, and we believe the best solution (at least for the 6.8 release) is to just disable the flag for Windows debug builds.