ci: Add new build-check-sanitized.sh

All C/C++ projects should use the sanitizers (and static analysis)
in their CI.  We had this but lost it in one of our CI shuffles;
let's readd it.

diff --git a/ci/build-check-sanitized.sh b/ci/build-check-sanitized.sh
new file mode 100755 (executable)
index 0000000..39c06f4
--- /dev/null
+++ b/ci/build-check-sanitized.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+# Build with ASAN and UBSAN + unit tests.
+
+set -xeuo pipefail
+
+dn=$(dirname $0)
+. ${dn}/libbuild.sh
+export CFLAGS='-fsanitize=address -fsanitize=undefined -fsanitize-undefined-trap-on-error'
+# We leak global state in a few places, fixing that is hard.
+export ASAN_OPTIONS='detect_leaks=0'
+${dn}/build.sh
+make check