Improving DNSCrypt-Proxy security with mitigation flags (in Windows OS) and signatures

[ghost]

I just think it is a good idea to improve DNSCrypt-Proxy security by adding either signature to the executable image or .SIG file with hash/certificate and by adding mitigation flags, such as Stack Protection (https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815). Aside from Stack Protection, most mitigations can be enforced in Windows through registry, but its best to code the application to have such flags enabled by default. The following work great for DNSCrypt-Proxy:

• Data Execution Prevention
• Control Flow Guard
• Bottom-Up ASLR
• High-Entropy ASLR
• Heap Termination on Corruption
• Dynamic Code Prohibition
• Extension Point Disablement
• Non-Microsoft Binary Block
• Non-Microsoft Font Block
• Remote Load Disablement
• Low Integrity Load Disablement

Stack Protection, Dynamic Code Prohibition (per-thread), and Strict Handles Checks are the 3 mitigations I don't know how to enforce, but the ones listed don't create any problems