Build improvements and fix BinSkim/security issues

[vmoroz]

Overview

This PR centralizes Windows build configuration, improves build script maintainability, and resolves several security and build issues.

🔧 Build System Improvements

Centralized Windows Configuration

• Created HermesWindows.cmake to consolidate Windows-specific build logic
• Moved compiler flags, linker options, and platform detection from scattered locations
• Unified ARM64/ARM64EC handling and cross-compilation logic
• Simplified CMakePresets.json by removing embedded flags

Enhanced Build Script (build.js)

• Added --targets parameter for selective builds (e.g., --targets hermesc,libshared)
• Improved argument parsing with better validation
• Enhanced error handling and logging
• Fixed ARM64EC compiler selection logic

🛡️ Security & Compliance Fixes

BinSkim Security Issues

• Added proper security flags (/guard:cf, /GS, /DYNAMICBASE, /ZH:SHA_256)
• Configured deterministic builds with /BREPRO
• Added CET compatibility for supported platforms
• Implemented conditional flag application based on target architecture

MSVC Warning/Error Resolution

• Fixed C4703 "potentially uninitialized variable" errors in external dtoa library
• Resolved conflicts between /sdl security flags and external code
• Improved warning suppression for third-party dependencies

🧹 Code Quality Improvements

JavaScript Build Scripts

• Added ESLint and Prettier configuration for consistent code style
• Added formatting and linting commands to the new package.json
• Added comprehensive .gitignore for node_modules
• Created detailed README with usage instructions

CMake Fixes

• Fixed incorrect DEPENDS usage in add_custom_command(TARGET ...)
• Improved cross-platform build detection
• Enhanced variable scope handling in CMake functions

📁 New Files

• package.json - Node.js dependencies and scripts
• eslint.config.js - ESLint configuration
• .prettierrc - Prettier formatting rules
• .gitignore - Git ignore for build artifacts
• README.md - Documentation for build scripts
• HermesWindows.cmake - Centralized Windows build logic

🎯 Benefits

• Security: Resolves BinSkim security compliance issues
• Maintainability: Centralized Windows build configuration reduces duplication
• Developer Experience: Better build script formatting and selective target building
• Reliability: Fixed various build system edge cases and warnings

✅ Testing

• Verified builds for x64, ARM64, and ARM64EC architectures
• Confirmed UWP and Win32 build scenarios
• Validated security flag application across different configurations
• Tested JavaScript linting and formatting workflows

Microsoft Reviewers: Open in CodeFlow