The object::cache test module has two tests that do nearly the
same thing: given a cache limit, load a certain set of objects
and verify if those objects have been cached or not.

Convert those tests to the new data-driven initializers to
demonstrate how these are to be used. Furthermore, add some
additional test data. This conversion is mainly done to show this
new facility.

Right now, we're not able to use data-driven tests at all. E.g.
given a set of tests which we'd like to repeat with different
test data, one has to hand-write any outer loop that iterates
over the test data and then call each of the test functions. Next
to being bothersome, this also has the downside that error
reporting is quite lacking, as one never knows which test data
actually produced failures.

So let's implement the ability to re-run complete test modules
with changing test data. To retain backwards compatibility and
enable trivial addition of new runs with changed test data, we
simply extend clar's generate.py. Instead of scanning for a
single `_initialize` function, each test module may now implement
multiple `_initialize_foo` functions. The generated test harness
will then run all test functions for each of the provided
initializer functions, making it possible to provide different
test data inside of each of the initializer functions. Example:

```
void test_git_example__initialize_with_nonbare_repo(void)
{
	g_repo = cl_git_sandbox_init("testrepo");
}

void test_git_example__initialize_with_bare_repo(void)
{
	g_repo = cl_git_sandbox_init("testrepo.git");
}

void test_git_example__cleanup(void)
{
	cl_git_sandbox_cleanup();
}

void test_git_example__test1(void)
{
	test1();
}

void test_git_example__test2(void)
{
	test2();
}
```

Executing this test module will cause the following output:

```
$ ./libgit2_clar -sgit::example
git::example (with nonbare repo)..
git::example (with bare repo)..
```

ignore: handle escaped trailing whitespace

Ignore: only treat one leading slash as a root identifier

The gitignore's pattern format specifies that "Trailing spaces
are ignored unless they are quoted with backslash ("\")". We do
not honor this currently and will treat a pattern "foo\ " as if
it was "foo\" only and a pattern "foo\ \ " as "foo\ \".

Fix our code to handle those special cases and add tests to avoid
regressions.

The stripping of trailing spaces currently happens as part of
`git_attr_fnmatch__parse`. As we aren't currently parsing
trailing whitespaces correct in case they're escaped, we'll have
to change that code, though. To make actual behavioural change
easier to review, refactor the code up-front by pulling it out
into its own function that is expected to retain the exact same
functionality as before. Like this, the fix will be trivial to
apply.

online tests: use gitlab for auth failures

GitHub recently changed their behavior from returning 401s for private
or nonexistent repositories on a clone to returning 404s.  For our tests
that require an auth failure (and 401), move to GitLab to request a
missing repository.  This lets us continue to test our auth failure
case, at least until they decide to mimic that decision.

Ignore files: don't ignore whitespace

Unlike ignore files, gitattribute files can have flexible whitespace at
the beginning of the line.  Ensure that by adding new ignore rules that
we have not impeded correct parsing of attribute files.

When `allow_space` is unset, ensure that leading whitespace is not
skipped.

Comments must have a '#' at the beginning of the line.  For
compatibility with git, '#' after a whitespace is a literal part of the
filename.

Ensure that leading whitespace is treated as being part of the filename,
eg ` foo` in an ignore file indicates that a file literally named ` foo`
is ignored.

cache: fix cache eviction using deallocated key

SECURITY.md: split out security-relevant bits from readme

When evicting cache entries, we first retrieve the object that is
to be evicted, delete the object and then finally delete the key
from the cache. In case where the cache eviction caused us to
free the cached object, though, its key will point to invalid
memory now when trying to remove it from the cache map. On my
system, this causes us to not properly remove the key from the
map, as its memory has been overwritten already and thus the key
lookup it will fail and we cannot delete it.

Fix this by only decrementing the refcount of the evictee after
we have removed it from our cache map. Add a test that caused a
segfault previous to that change.

Restore NetBSD support

See: https://www.netbsd.org/changes/changes-7.0.html

GitHub has recently introduced a new set of tools that aims to
ease the process around vulnerability reports and security fixes.
Part of those tools is a new security tab for projects that will
display contents from a new SECURITY.md file.

Move relevant parts from README.md to this new file to make use
of this feature.

repository: fix garbage return value

error was never initialized and a garbage value returned on success.

cmake: disable fallthrough warnings for PCRE

Our PCRE dependency has uncommented fallthroughs in switch statements.
Turn off warnings for those in the PCRE code.

Configuration parsing: validate section headers with quotes

The `parse_section_header_ext` name suggests that it as an extended
function for parsing the section header.  It is not.  Rename it to
`parse_subsection_header` to better reflect its true mission.

When we reach a whitespace after a section name, we assume that what
will follow will be a quoted subsection name.  Pass the current position
of the line being parsed to the subsection parser, so that it can
validate that subsequent characters are additional whitespace or a
single quote.

Previously we would begin parsing after the section name, looking for
the first quotation mark.  This allows invalid characters to embed
themselves between the end of the section name and the first quotation
mark, eg `[section foo "subsection"]`, which is illegal.

When we don't specify a particular column, don't write it in the error
message.  (column "0" is unhelpful.)

Update the configuration parsing error messages to be lower-cased for
consistency with the rest of the library.

Loosen restriction on wildcard "*" refspecs

Use PCRE for our fallback regex engine when regcomp_l is unavailable

Remote URL last-chance resolution

Explicitly enable the `builtin` regex backend and the PCRE backend for
some Linux builds.

Since libssh2 doesn't read host configuration from the config file,
this callback can be used to hand over URL resolving to the client
without touching the SSH implementation itself.

This avoids any misunderstanding with the REGEX keyword in cmake.

Skip UTF8 BOM in ignore files

We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library

We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library (libgit2/#5079).