Shallow clone local

clar: remove ftrunacte from libgit2 tests

tests: skip flaky-ass googlesource tests

sha256: indirection for experimental functions

The experimental function signature is only available when
`GIT_EXPERIMENTAL_SHA256` is enabled.

RFC: SHA256 proof of concept

meta: update version number to v1.6.0-alpha

v1.5.0

Fix creation of branches and tags with invalid names

pack: don't pretend we support pack files v3

zlib: update bundled zlib to v1.2.12

Fixes for CVE 2022-29187

slide_hash knowingly reads (possibly) uninitialised memory, see comment
lower down about prev[n] potentially being garbage. In this case, the
result is never used - so we don't care about MSAN complaining about
this read.

By adding the no_sanitize("memory") attribute, clients of zlib won't
see this (unnecessary) error when building and running with
MemorySanitizer. An alternative approach is for clients to build zlib
with -fsanitize-ignorelist=... where the ignorelist contains something
like 'fun:slide_hash'. But that's more work and needs to be redone
for any and all CI systems running a given project with MSAN. Adding
this annotation to zlib's sources is overall more convenient - but
also won't affect non-MSAN builds.

This specific issue was found while running git's test suite, but has
also been reported by other clients, see e.g. #518.

The `crc32_combine_gen64` missed a prototype in our define path.
Add one.

In the ownership checks implemented for CVE-2022-24765, we disallowed
users to access their own repositories when running with `sudo`.

Examine the `SUDO_UID` environment variable and allow users running
with `sudo`. This matches git's behavior.

To match git's behavior with CVE 2022-29187, validate not only the
working directory, but also the gitdir and gitlink (if it exists). This
a follow up to CVE-2022-24765 that was fixed earlier.

Fix erroneously lax configuration ownership checks