We've accumulated quite some functions which are never used outside of
their respective code unit, but which are lacking the `static` keyword.
Add it to reduce their linkage scope and allow the compiler to optimize
better.

The httpclient implementation keeps a `read_buf` that holds the data
in the body of the response after the headers have been written.  We
store that data for subsequent calls to `git_http_client_read_body`.  If
we want to stop reading body data and send another request, we need to
clear that cached data.

Clear the cached body data on new requests, just like we read any
outstanding data from the socket.

When `git_http_client_read_body` is invoked, it provides the size of the
buffer that can be read into.  This will be set as the parser context's
`output_size` member.  Use this as an upper limit on our reads, and
ensure that we do not read more than the client requests.

When users call `git_http_client_read_body`, it should return 0 at the
end of a message.  When the `on_message_complete` callback is called,
this will set `client->state` to `DONE`.  In our read loop, we look for
this condition and exit.

Without this, when there is no data left except the end of message chunk
(`0\r\n`) in the http stream, we would block by reading the three bytes
off the stream but not making progress in any `on_body` callbacks.
Listening to the `on_message_complete` callback allows us to stop trying
to read from the socket when we've read the end of message chunk.

Signed-off-by: Utkarsh Gupta <utkarsh@debian.org>

Use a 16kb read buffer for compatibility with macOS SecureTransport.

SecureTransport `SSLRead` has the following behavior:

1. It will return _at most_ one TLS packet's worth of data, and
2. It will try to give you as much data as you asked for

This means that if you call `SSLRead` with a buffer size that is smaller
than what _it_ reads (in other words, the maximum size of a TLS packet),
then it will buffer that data for subsequent calls.  However, it will
also attempt to give you as much data as you requested in your SSLRead
call.  This means that it will guarantee a network read in the event
that it has buffered data.

Consider our 8kb buffer and a server sending us 12kb of data on an HTTP
Keep-Alive session.  Our first `SSLRead` will read the TLS packet off
the network.  It will return us the 8kb that we requested and buffer the
remaining 4kb.  Our second `SSLRead` call will see the 4kb that's
buffered and decide that it could give us an additional 4kb.  So it will
do a network read.

But there's nothing left to read; that was the end of the data.  The
HTTP server is waiting for us to provide a new request.  The server will
eventually time out, our `read` system call will return, `SSLRead` can
return back to us and we can make progress.

While technically correct, this is wildly ineffecient.  (Thanks, Tim
Apple!)

Moving us to use an internal buffer that is the maximum size of a TLS
packet (16kb) ensures that `SSLRead` will never buffer and it will
always return everything that it read (albeit decrypted).

We avoid abbreviations where possible; rename git_cred to
git_credential.

In addition, we have standardized on a trailing `_t` for enum types,
instead of using "type" in the name.  So `git_credtype_t` has become
`git_credential_t` and its members have become `GIT_CREDENTIAL` instead
of `GIT_CREDTYPE`.

Finally, the source and header files have been renamed to `credential`
instead of `cred`.

Keep previous name and values as deprecated, and include the new header
files from the previous ones.

Disambiguate between general network problems and HTTP problems in error
codes.

Allow users to opt-in to expect/continue handling when sending a POST
and we're authenticated with a "connection-based" authentication
mechanism like NTLM or Negotiate.

If the response is a 100, return to the caller (to allow them to post
their body).  If the response is *not* a 100, buffer the response for
the caller.

HTTP expect/continue is generally safe, but some legacy servers
have not implemented it correctly.  Require it to be opt-in.

Fully support HTTP proxies, in particular CONNECT proxies, that allow us
to speak TLS through a proxy.

Detect responses that are sent with Transfer-Encoding: chunked, and
record that information so that we can consume the entire message body.

Store the last-seen credential challenges (eg, all the
'WWW-Authenticate' headers in a response message).  Given some
credentials, find the best (first) challenge whose mechanism supports
these credentials.  (eg, 'Basic' supports username/password credentials,
'Negotiate' supports default credentials).

Set up an authentication context for this mechanism and these
credentials.  Continue exchanging challenge/responses until we're
authenticated.

When sending a new request, ensure that we got the entirety of the
response body.  Our caller may have decided that they were done reading.
If we were not at the end of the message, this means that we need to
tear down the connection and cannot do keep-alive.

However, if the caller read all of the message, but we still have a
final end-of-response chunk signifier (ie, "0\r\n\r\n") on the socket,
then we should consider that the response was successfully copmleted.

If we're asked to send a new request, try to read from the socket, just
to clear out that end-of-chunk message, marking ourselves as
disconnected on any errors.

Teach httpclient how to support chunking when POSTing request bodies.

Introduce a new http client implementation that can GET and POST to
remote URLs.

Consumers can use `git_http_client_init` to create a new client,
`git_http_client_send_request` to send a request to the remote server
and `git_http_client_read_response` to read the response.

The http client implementation will perform the I/O with the remote
server (http or https) but does not understand the git smart transfer
protocol.  This allows us to split the concerns of the http subtransport
from the actual http implementation.