buf::oom tests: use custom allocator for oom failures

Create a custom allocator for the `buf::oom` tests that will fail with
out-of-memory errors in predictable ways.  We were previously trying to
guess the way that various allocators on various platforms would fail
in a way such that `malloc`/`realloc` would return `NULL` (instead of
aborting the application, or appearing suspicious to various
instrumentation or static code analysis tools like valgrind.)

Introduce a fake `malloc` and `realloc` that will return `NULL` on
allocations requesting more than 100 bytes.  Otherwise, we proxy to the
default allocator.  (It's important to use the _default_ allocator, not
just call `malloc`, since the default allocator on Windows CI builds may
be the debugging C runtime allocators which would not be compatible with
a standard `malloc`.)

Provide a utility to reset custom allocators back to their default.
This is particularly useful for testing.

ci: arm docker builds

We don't need two separate docker images for OpenSSL and mbedTLS.
They've been combined into a single image `trusty-amd64` that supports
both.

On a 32-bit Linux systems, the value large enough to make malloc
guarantee a failure is also large enough that valgrind considers it
"fishy".  Skip this test on those systems entirely.

Newer dependencies means newer places to leak!

Use Bionic so that we have a modern libssh2 (for communicating with
GitHub).  We've ported fixes to our Trusty-based amd64 images, but
maintaining patches for multiple platforms is heinous.

Bind the proxy specifically to 127.0.0.1 instead of all addresses.  This
is not strictly necessary for operations, but having a potentially open
proxy on a network is not a good idea.

Use multiarch arm32 and arm64 docker images to run Xenial-based images
for those platforms.  We can support all the tests on ARM32 and 64
_except_ the proxy-based tests.  Our proxy on ARM seems regrettably
unstable, either due to some shoddy dependencies (with native code?)
or the JREs themselves.

Run these platforms as part of our nightly builds; do not run them
during pull request or CI validation.

As the number of each grow, separate the CI build scripts from
the YAML definitions.

Win32 path canonicalization refactoring

Check object existence when creating a tree from an index

The testrepo test fixture has an index file that's damaged, missing an
object.  The index previously had an entry of `src/index.c` with id
3161df8cbf3a006b4ef85be6497a0ea6bde98541, but that object was missing in
the repository.  This commit adds an object to the repository and
updates the index to use that existing blob.

Similarly, the index has an entry for `readme` with an id of
97328ac7e3bd0bcd3900cb3e7a624d71dd0df888.  This can be restored from
other test repositories.

With these fixed, now the write tree from index tests can pass since they
validate object existence.

Ninja build

docs: fix transparent/opaque confusion in the conventions file

Configuration variables can appear on the same line as the section header

Update `git_win32_path_remove_namespace` to disambiguate the prefix
being removed versus the prefix being added.  Now we remove the
"namespace", and (may) add a "prefix" in its place.  Eg, we remove the
`\\?\` namespace.  We remove the `\\?\UNC\` namespace, and replace it
with the `\\` prefix.  This aids readability somewhat.

Additionally, use pointer arithmetic instead of offsets, which seems to
also help readability.

The internal API `git_win32__canonicalize_path` is far, far too easily
confused with the internal API `git_win32_path_canonicalize`.  The
former removes the namespace prefix from a path (eg, given
`\\?\C:\Temp\foo`, it returns `C:\Temp\foo`, and given
`\\?\UNC\server\share`, it returns `\\server\share`).  As such, rename
it to `git_win32_path_remove_namespace`.

`git_win32_path_canonicalize` remains unchanged.

path: export the dotgit-checking functions

cmake: correct comment from libssh to libssh2

We use libssh2.  We do not use libssh.  Make sure to disambiguate them
correctly.

Object parsing fuzzer

These checks are preformed by libgit2 on checkout, but they're also useful for
performing checks in applications which do not involve checkout.

Expose them under `sys/` as it's still fairly in the weeds even for this
library.

While rare and a machine would typically not generate such a configuration file,
it is nevertheless valid to write

    [foo "bar"] baz = true

and we need to deal with that instead of assuming everything is on its own line.

config: Port config_file_fuzzer to the new in-memory backend.

Add a simple fuzzer that exercises our object parser code. The fuzzer
is quite trivial in that it simply passes the input data directly to
`git_object__from_raw` for each of the four object types.

When failing to parse a raw object fromits data, we free the
partially parsed object but then fail to propagate the error to the
caller. This may lead callers to operate on objects with invalid memory,
which will sooner or later cause the program to segfault.

Fix the issue by passing up the error code returned by `parse_raw`.