perform the POSIX and OS X builds with -no-rpath

Using `-rpath` can be a security issue as it attempts to load the
libraries from `/home/build/wkhtmltopdf` which is unlikely to be
present on the target machine and can be potentially exploited
by an attacker. This can be mitigated by running `chrpath -d`
on the binaries, but is better to build without rpath -- it also
fixes #1733.

scripts/build.py

@@ -79,7 +79,7 @@ QT_CONFIG = {
         '-silent',                  # perform a silent build
         '-xrender',                 # xrender support is required
         '-largefile',
-        '-rpath',
+        '-no-rpath',
         '-openssl',                 # load OpenSSL binaries at runtime
         '-no-dbus',
         '-no-nis',
@@ -125,7 +125,7 @@ QT_CONFIG = {
         '-xrender',                 # xrender support is required
         '-openssl',                 # load OpenSSL binaries at runtime
         '-largefile',
-        '-rpath',
+        '-no-rpath',
         'remove:-system-libpng',
         'remove:-system-libjpeg',
         '-qt-libpng',