Enforce minimal safe alignment on global variables

Currently, global variables are aligned according to their C types, e.g.
`char c[4];` has alignment 1.

However, the CompCert C semantics make it possible to cast `c` to `int *`
and dereference this pointer, which requires 4-alignment of `c` to be safe
on all platforms.

This commit makes sure that the alignment of a global variable is at
least the minimal safe alignment for its size, as defined in
`Memdata.min_safe_alignment`.  This ensures that any memory access (at
offset 0) that fits within the bounds of the variable is aligned.

Without `_Alignas` modifiers, the alignment of a C type is always <=
the minimal safe alignment of the size of the type.  However,
`_Alignas` modifiers can increase the C alignment beyond the minimal
safe alignment.  We use the greater of the two alignments.

Author: xavierleroy

cfrontend/C2C.ml

@@ -1270,7 +1270,8 @@ let convertGlobvar loc env (sto, id, ty, optinit) =
   Debug.atom_global id id';
   let ty' = convertTyp env ty in
   let sz = Ctypes.sizeof !comp_env ty' in
-  let al = Ctypes.alignof !comp_env ty' in
+  let al =
+    Z.max (Ctypes.alignof !comp_env ty') (Memdata.min_safe_alignment sz) in
   let attr = Cutil.attributes_of_type env ty in
   let init' =
     match optinit with