cc_wrapper: make built artifacts more reproducible but specifying `-ffile-prefix-map`

[ParkMyCar]

This PR aims to make artifacts built with toolchains_llvm more reproducible by specifying:

-ffile-prefix-map=${{pwd}}=__bazel_toolchain_llvm_repo__

in the compile and linker flags. Then in cc_wrapper.sh we replace ${{pwd}} with the current absolute path the script is being invoked from. This should result in builds being more reproducible by replacing absolute local paths in the binary with __bazel_toolchain_llvm_repo__.

For example, today in the MaterializeInc/materialize repo, building the @bzip2//:bzip2 target and running strings on the final binary, I get several results like this:

/private/var/tmp/_bazel_parker.timmerman/497be8b2783f71dbb03155dd9130f54f/sandbox/darwin-sandbox/977/execroot/__main__

After this PR all said entries are replaced with:

__bazel_toolchain_llvm_repo__

@keith I see in #440 you removed the use of -fdebug-prefix-path, I'm curious what you think of this since it not only effects debug info but also pre-processor macros.

[keith]

In general instead of using this one you should add this to your .bazelrc:

build --copt=-ffile-compilation-dir=. --host_copt=-ffile-compilation-dir=.

Ideally we would add this to this ruleset, but it wouldn't work with older versions of clang.

[rockwotj]

but it wouldn't work with older versions of clang.

@keith do you know when this was added to clang? We could add conditionally add the flag based on the clang version right?

[keith]

looks like as far back as 13.x. im not sure if anything in these rules are doing that now, but yea ideally