Improved SDK hardening/security

[kilograham]

The existing SDK is not designed with security in mind. We may however want to improve certain areas, and indeed offer a build setting to provide a hardened subset of functionality or additional behavior.

This will probably divide into separate issues (more to be added):

1. Hardening of path to main. The RP2350 bootrom takes great care on a secured chip to make it to the secure firmware safely, however things go down hill from there as there is no hardening of code run before main. This makes writing a truly secure app with the SDK tricky atm (though of course the runtime init can be customized).