This follows the same principle as `buffer.c` where the same check is done before freeing the buffer. It fixes the crash described in #6028.

Update proxy configuration

Update the proxy detection for a remote.

1. Honor `http.<url>.proxy` syntax for a remote's direct URL and
   parent URLs.
2. Honor an empty configuration URL to override a proxy configuration.

Add tests to ensure that configuration specificity is honored.

Provide a utility method on a url to determine if it matches any pattern
in a comma-separated list, similar to what one would find in `NO_PROXY`
environment variables.

Provide a method to determine if a given URL matches a host:port pattern
like the ones found in `NO_PROXY` environment variables.

Introduce a utility function that compares a NUL terminated string to a
possibly not-NUL terminated string with length.  This is similar to
`strncmp` but with an added check to ensure that the lengths match (not
just the `size` portion of the two strings).

Item 2 of 3 from #4164

Signed-off-by: Mathieu Parent <math.parent@gmail.com>

Fix a possible null pointer dereference

This change fixes a possible null pointer dereference if anything inside
`git_commit_graph_writer_add_index_file` fails before the packfile being
valid.

https://scan6.coverity.com/reports.htm#v52218/p10377/fileInstanceId=122935896&defectInstanceId=32525576&mergedDefectId=1461634

Fix worktree iteration when repository has no common directory

Set Host Header to match CONNECT authority target

Prior to this change, for CONNECT requests, the Host header was set to
the host and port of the target http proxy. However, per the rfc7230 for
HTTP/1.1 this is incorrect as the Host header should match the target of
the CONNECT request, as detailed in section 5.3.3 & 5.4.

  5.3.3.  authority-form

   The authority-form of request-target is only used for CONNECT
   requests (Section 4.3.6 of [RFC7231]).

     authority-form = authority

   When making a CONNECT request to establish a tunnel through one or
   more proxies, a client MUST send only the target URI's authority
   component (excluding any userinfo and its "@" delimiter) as the
   request-target.  For example,

     CONNECT www.example.com:80 HTTP/1.1

  5.4.  Host

   <snip>

   A client MUST send a Host header field in all HTTP/1.1 request
   messages.  If the target URI includes an authority component, then a
   client MUST send a field-value for Host that is identical to that
   authority component, excluding any userinfo subcomponent and its "@"
   delimiter (Section 2.7.1).  If the authority component is missing or
   undefined for the target URI, then a client MUST send a Host header
   field with an empty field-value.

This issue was noticed when proxying requests through HAProxy 2.2 which
rejects these invalid http requests.

Fixes from code analysis

buf: deprecate public git_buf writing functions

filter: filter drivers stop taking git_buf as user input

Introduce `create_commit_cb`, deprecate `signing_cb`

remote: introduce remote_ready_cb, deprecate resolve_url callback

opts: test GIT_OPT_SET_SSL_CERT_LOCATIONS

fixes #6003

Include a self-signed certificate for test.libgit2.org:1443 that we can
use to verify that GIT_OPT_SET_SSL_CERT_LOCATIONS works.

Checkout dry-run

midx: Introduce git_odb_write_multi_pack_index()

Use error code GIT_EAUTH for authentication failures