Should we stop appling --enable-expensive-hardening to constant-time code ?
The ubsan and asan options introduce branch instructions all over the place. Although these branches are never actually taken in by code that doesn't immediately crash, I'm concerned that they might make our constant-time code less constant-time, with a suitably weird branch predictor.
(I have no evidence that this is actually happening, but the whole situation is a confusing mess.)
Out of an abundance of caution, I'd suggest that we make those options apply only to the non-constant-time code