How to harden the output ELF file built by Go?

Hello, I am new to Golang, and need to harden the built output ELF file to satisfy the required ELF security.

Specifically, for the source file hello.go:

// hello.go
package main
import "fmt"
func main() {
    fmt.Println("hello world")

Firstly, I built out a ELF file hello using command:

$ go build -build-mode=pie hello.go

Then I checked the ELF file via checksec tool:

$ checksec --file=hello
# --- output example ---
RELRO           STACK CANARY      NX            PIE
No RELRO        No canary found   NX enabled    PIE enabled

From the output of checksec, the RELRO and STACK CANARY checks are not satisfactory.

I also tried to specify the LDFLAGS while building the Go program, but it still cannot pass checksec:

$ go build -buildmode=pie -ldflags="-extld=gcc -extldflags='-Wl,-z,relro,-z,now,-z,noexecstack'" hello.go

My problem: provided I have specific CFLAGS and LDFLAGS to properly harden the C programs, so how could I apply these flags into the Go programs?