Add an "scs" flag for enabling shadow call stack on targets.

Shadow call stack (SCS) is a security mitigation that uses a
separate stack (the SCS) for return addresses.

The effect of setting sanitize.scs on a shared library is to build
the library and all of its static library dependencies with SCS. This
is similar to CFI and the other sanitizers.

Bug: 112907825
Bug: 119557795
Change-Id: I82fb2b38b10eac911c4d2d120b74fea4af0622ad