Enable BPF JIT hardening

Setting net.core.bpf_jit_harden = 2 will add hardening to the BPF JIT compiler and make JIT spraying attacks harder. It is a catch-all for all BPF-related hardening, but the primary thing it adds is constant blinding. Setting it to 2 enables it for all users, not just unprivileged users, and is necessary because we disable unprivileged eBPF anyway in #11827 (closed).

https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html#bpf-jit-harden

The performance impact for our workload is minimal (because we don't rely on user-loaded BPF).
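A way to verify the setting on a running system, as an added example that is not part of the original issue. The function names, the procfs root argument and the constructed sample tree are assumptions of this example; the value meanings (0 disabled, 1 unprivileged users only, 2 all users) follow the kernel documentation linked above.

```shell
#!/bin/sh
# Audit BPF JIT hardening from a procfs-style tree (example code, hypothetical names).

# read_knob <root> <relative path>: print the value, or "absent" if unreadable.
read_knob() {
    if [ -r "$1/$2" ]; then
        tr -d '[:space:]' < "$1/$2"
    else
        printf 'absent'
    fi
}

# audit_bpf_jit [root]: print findings; return 0 only when bpf_jit_harden is 2,
# 1 when hardening is weaker than required, 2 when the state cannot be determined.
# root defaults to /proc/sys; pass a constructed directory for offline testing.
audit_bpf_jit() {
    root=${1:-/proc/sys}
    harden=$(read_knob "$root" net/core/bpf_jit_harden)
    jit=$(read_knob "$root" net/core/bpf_jit_enable)
    unpriv=$(read_knob "$root" kernel/unprivileged_bpf_disabled)

    # Related knobs are reported for context only; they do not change the verdict.
    echo "bpf_jit_enable=$jit unprivileged_bpf_disabled=$unpriv"
    case "$harden" in
        2) echo "OK: bpf_jit_harden=2 (all users)"; return 0 ;;
        1) echo "WEAK: bpf_jit_harden=1 (unprivileged users only)"; return 1 ;;
        0) echo "FAIL: bpf_jit_harden=0 (hardening disabled)"; return 1 ;;
        absent) echo "UNKNOWN: bpf_jit_harden not present"; return 2 ;;
        *) echo "UNKNOWN: unexpected bpf_jit_harden value '$harden'"; return 2 ;;
    esac
}

# make_sample_tree <dir> <harden> <jit> <unpriv>: build a constructed procfs-like
# tree so the audit can be exercised without touching the live system.
make_sample_tree() {
    mkdir -p "$1/net/core" "$1/kernel"
    echo "$2" > "$1/net/core/bpf_jit_harden"
    echo "$3" > "$1/net/core/bpf_jit_enable"
    echo "$4" > "$1/kernel/unprivileged_bpf_disabled"
}
```

Calling `audit_bpf_jit` with no argument reads the live values under /proc/sys; a non-zero return means the system does not have hardening enabled for all users.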