Hardening test blhc fails due to CPPFLAGS missing (-D_FORTIFY_SOURCE=2): /usr/lib/ccache/c++

Hello, While packaging for Debian nearly all of our C++/Cmake jobs have recently started failing a hardening buildflags test called blhc, it tests that hardening buildflags are being used throughout the entire build. Of the failings, most of them are failing the preprocessor ( automoc ) segment of the build. I have found that setting preprocessor flags directly via ( -DCMAKE_CXX_COMPILER_ARG1 or -CMAKE_AUTOMOC_MOC_OPTIONS ) it does indeed make the problem go away. Unfortunately, with hundreds of packages for us to maintain, this overhead is not exactly a good solution in the short or long run. My colleague Pino has uncovered the likely cause of this new failure, as quoted from him:

"However this is not a new issue: what changed between cmake 3.15 and 3.16 is that the verbosity of the autogen commands (automoc, autouic, autorcc) now follows also the value of CMAKE_VERBOSE_MAKEFILE, which when building packages defaults to TRUE; starting from cmake 3.13 there is the CMAKE_AUTOGEN_VERBOSE variable to tweak the verbosity of the autogen commands.

IMHO this somehow touches the lack of CPPFLAGS in cmake, as whatever is in CPPFLAGS could be passed straight to moc."

SO I am here today asking for suggestions as to how I can pass this test without ugly workarounds. You can see the test here:

https://salsa.debian.org/qt-kde-team/extras/latte-dock/-/jobs/687407

Thank you for your time. Scarlett