kernel recompilation for better hardening

A hardened kernel is generally highly unlikely to happen anytime soon. There’s no actively maintained, Free and Open Source hardened kernel project which provides a Linux kernel compatible with Debian (stable) (and VMs).

There are too many configuration options. See this example.

And the Kicksecure or Whonix project doesn’t have resources to pay a kernel developer (most likely full time) to keep maintaining all of this (which includes figuring out which configuration option breaks what).

Kicksecure is certainly providing all the surrounding infrastructure (wiki, forums, APT repository) but cannot maintain the “core” for the hardened kernel.

related:

Unfortunately, Linux doesn’t prioritize security and some sort of minimalism. It’s still the only realistic choice to work with, however far from perfect.