Enable -fwrapv by default with clang to treat signed integer overflows

Enable -fwrapv by default with clang to treat signed integer overflows
as defined.  This is done to prevent dangerous optimisations which could
remove security critical overflow checks.

Base gcc has -fno-strict-overflow by default, with clang this is
identical to -fwrapv.

Prompted by naddy@ discovering a hang with a clang compiled i386 kernel
that was resolved with -fwrapv.

ok kettenis@ pascal@