Callers of `git_config__cvar` already handle the case where the
function returns an error due to a failed configuration variable
lookup, but we are actually swallowing errors when calling
`git_config__lookup_entry` inside of the function.

Fix this by returning early when `git_config__lookup_entry`
returns an error. As we call `git_config__lookup_entry` with
`no_errors == false` which leads us to call `get_entry` with
`GET_NO_MISSING` we will not return early when the lookup fails
due to a missing entry. Like this we are still able to set the
default value of the cvar and exit successfully.

When writing to a file with locking not check if writing the
locked file actually succeeds. Fix the issue by returning error
code and message when writing fails.

Accessing the current values map is handled through the
`refcounder_strmap_take` function, which first acquires a mutex
before accessing its values. While this assures everybody is
trying to access the values with the mutex only we do not check
if the locking actually succeeds.

Fix the issue by checking if acquiring the lock succeeds and
returning `NULL` if we encounter an error. Adjust callers.

When normalizing options we try to look up HEAD's OID. While this
action may fail in malformed repositories we never check the
return value of the function.

Fix the issue by converting `normalize_options` to actually
return an error and handle the error in `git_blame_file`.

We usually check entries returned by `git_sortedcache_entry` for
NULL pointers. As we have a write lock in `packed_write`, though,
it really should not happen that the function returns NULL.

Assert that ref is not NULL to silence a Coverity warning.

rebase: additional setup tests of exotic behavior

appveyor: stop if the first test fails

Fixes for `gid_odb_expand_ids`

mwindow: free unused windows if we fail to mmap

The first time may be due to memory fragmentation or just bad luck on a
32-bit system. When we hit the mmap error for the first time, free up
the unused windows and try again.

The old implementation had two issues:

1. OIDs that were too short as to be ambiguous were not being handled
properly.

2. If the last OID to expand in the array was missing from the ODB, we
would leak a `GIT_ENOTFOUND` error code from the function.

Introduce `git_odb_expand_ids`

Take (and write to) an array of a struct, `git_odb_expand_id`.

Support for ssh+git and git+ssh protocols

commit: split creating the commit and writing it out

Sometimes you want to create a commit but not write it out to the
objectdb immediately. For these cases, provide a new function to
retrieve the buffer instead of having to go through the db.

Enable nanosecond resolution by default

Instead of hoping that we can get a racy entry by going real fast
and praying real hard, just create a racy entry.

Update link to Pro Git's Git internals chapter

If the underlying filesystem doesn't support better than one
second resolution, then don't expect that turning on `GIT_USE_NSEC`
does anything magical to change that.

Query the object database for multiple objects at a time, given their
object ID (which may be abbreviated) and optional type.

When looking up an abbreviated oid, show the actual (abbreviated) oid
the caller passed instead of a full (but ambiguously truncated) oid.

Update unit test to use newfangled `st_ctime_nsec`, which provides
indirection to the platform-correct name.

treebuilder: don't try to verify submodules exist in the odb

Submodules don't exist in the objectdb and the code is making us try to
look for a blob with its commit id, which is obviously not going to
work.

Skip the test if the user wants to insert a submodule.

ssh: initialize libssh2

We should have been doing this, but it initializes itself upon first
use, which works as long as nobody's doing concurrent network
operations. Initialize it on our init to make sure it's not getting
initialized concurrently.

Expand OpenSSL and libssh2 thread safety documentation

Nanosecond resolution is now the default in git itself.  Enable this
as our default as well.