fix(ExecSolib): handle ET_EXEC trampoline in solib_bootstrap

The trampoline binary embedded in ddtrace.so is produced as ET_EXEC
(non-PIE) by toolchains that don't default to -fPIE (e.g. devtoolset-7
on CentOS 7).  elf_load_trampoline previously accepted only ET_DYN and
used mmap(NULL) to pick a random load base -- an ET_EXEC binary loaded
that way runs at the wrong virtual address and crashes with SIGSEGV.

Two-pronged fix:
1. solib_bootstrap.c: accept both ET_DYN and ET_EXEC.  For ET_EXEC,
   reserve the binary's fixed virtual address range with MAP_FIXED
   (valid in the bootstrap context: no ld.so yet, fresh address space).
2. libdatadog/spawn_worker/build.rs: add -fPIE/-pie on Linux so future
   builds always produce a PIE (ET_DYN) trampoline, matching the
   original design intent of elf_load_trampoline.

Fixes "failed to map trampoline" (exit 121) on bookworm-slim for
PHP 8.3-8.5.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: cataphract

ext/solib_bootstrap.c

@@ -708,7 +708,9 @@ static int elf_load_trampoline(const void *src, size_t src_len,
     if (src_len < sizeof(Elf64_Ehdr)) return -1;
     const Elf64_Ehdr *ehdr = (const Elf64_Ehdr *)src;
 
-    if (elf_check_header(ehdr, 1u << ET_DYN, 32) < 0) return -1;
+    // Accept both ET_DYN (PIE, the ideal case) and ET_EXEC (non-PIE, produced
+    // by toolchains that don't default to -fPIE; handled via MAP_FIXED below).
+    if (elf_check_header(ehdr, (1u << ET_DYN) | (1u << ET_EXEC), 32) < 0) return -1;
     if (ehdr->e_phoff + (uint64_t)ehdr->e_phnum * sizeof(Elf64_Phdr) > src_len) return -1;
 
     const Elf64_Phdr *phdrs = (const Elf64_Phdr *)((const char *)src + ehdr->e_phoff);
@@ -723,8 +725,28 @@ static int elf_load_trampoline(const void *src, size_t src_len,
     if (fd < 0) return -1;
 
     uintptr_t base; long total;
-    if (elf_reserve(phdrs, ehdr->e_phnum, page_size, &base, &total) < 0) {
-        sys_close(fd); return -1;
+    if (ehdr->e_type == ET_EXEC) {
+        // ET_EXEC: fixed virtual addresses; the bootstrap runs before ld.so in a
+        // fresh address space, so the low-address range should be available.
+        // Reserve it with MAP_FIXED so elf_map_segments can overwrite it.
+        uintptr_t lo = (uintptr_t)-1, hi = 0;
+        for (int i = 0; i < ehdr->e_phnum; i++) {
+            if (phdrs[i].p_type != PT_LOAD) continue;
+            uintptr_t slo = BS_PAGE_DOWN(phdrs[i].p_vaddr, page_size);
+            uintptr_t shi = BS_PAGE_UP(phdrs[i].p_vaddr + phdrs[i].p_memsz, page_size);
+            if (slo < lo) lo = slo;
+            if (shi > hi) hi = shi;
+        }
+        if (lo == (uintptr_t)-1) { sys_close(fd); return -1; }
+        total = (long)(hi - lo);
+        void *fixed = sys_mmap((void *)lo, total, BS_PROT_NONE,
+                               BS_MAP_PRIVATE | BS_MAP_ANONYMOUS | BS_MAP_FIXED, -1, 0);
+        if (fixed == BS_MAP_FAILED) { sys_close(fd); return -1; }
+        base = 0; // load bias is 0: runtime address == p_vaddr
+    } else {
+        if (elf_reserve(phdrs, ehdr->e_phnum, page_size, &base, &total) < 0) {
+            sys_close(fd); return -1;
+        }
     }
     if (elf_map_segments(fd, (long)tramp_file_bias, phdrs, ehdr->e_phnum,
                          base, page_size) < 0) {