x86/cet: Add -fcf-protection=none before -fcf-protection=branch

x86/cet: Add -fcf-protection=none before -fcf-protection=branch

When shadow stack is enabled, some CET tests failed when compiled with
GCC 14:

FAIL: elf/tst-cet-legacy-4
FAIL: elf/tst-cet-legacy-5a
FAIL: elf/tst-cet-legacy-6a

which are caused by

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039

These tests use -fcf-protection -fcf-protection=branch and assume that
-fcf-protection=branch will override -fcf-protection.  But this GCC 14
commit:

https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca

changed the -fcf-protection behavior such that

-fcf-protection -fcf-protection=branch

is treated the same as

-fcf-protection

Use

-fcf-protection -fcf-protection=none -fcf-protection=branch

as the workaround.  This fixes BZ #31187.

Tested with GCC 13 and GCC 14 on Intel Tiger Lake.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>