Follow up for PR #4917.

Signed-off-by: Sven Strickroth <email@cs-ware.de>

Move to the `git_error` name in the internal API for error-related
functions.

This change fixes a bunch of warnings that were discovered by compiling
with `clang -target=i386-pc-linux-gnu`. It turned out that the
intrinsics were not necessarily being used in all platforms! Especially
in GCC, since it does not support __has_builtin.

Some more warnings were gleaned from the Windows build, but I stopped
when I saw that some third-party dependencies (e.g. zlib) have warnings
of their own, so we might never be able to enable -Werror there.

Put a limit on the number of authentication replays in the HTTP
transport.  Standardize on 7 replays for authentication or redirects,
which matches the behavior of the WinHTTP transport.

Allow credential and certificate checking callbacks to return
GIT_PASSTHROUGH, indicating that they do not want to act.
Introduce this to support in both the http and ssh callbacks.
Additionally, enable the same mechanism for certificate validation.

This is most useful to disambiguate any meaning in the publicly exposed
credential and certificate functions (`git_transport_smart_credentials`
and `git_transport_smart_certificate_check`) but it may be more
generally useful for callers to be able to defer back to libgit2.

Replace remaining uses of the `git__strtol32` function. While these uses
are all safe as the strings were either sanitized or from a trusted
source, we want to remove `git__strtol32` altogether to avoid future
misuse.

Fix fallback credentials: The call to CoInitializeEx fails if it was previously been set to a different mode.

Fix default credentials: The WinHttpSetCredentials auth scheme must only be one of the supported schemes.

Early Windows TLS 1.2 implementations have an issue during key exchange
with OpenSSL implementations that cause negotiation to fail with the
error "the buffer supplied to a function was too small."

This is a transient error on the connection, so when that error is
received, retry up to 5 times to create a connection to the remote
server before actually giving up.

Versions of Windows prior to Windows 8 do not enable TLS 1.2 by default,
though support may exist.  Try to enable TLS 1.2 support explicitly on
connections.

This request may fail if the operating system does not have TLS 1.2
support - the initial release of Vista lacks TLS 1.2 support (though
it is available as a software update) and XP completely lacks TLS 1.2
support.  If this request does fail, the HTTP context is still valid,
and still maintains the original protocol support.  So we ignore the
failure from this operation.

For platforms that do not define `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1`
and/or `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2`.

Include the constants for `WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1` and
`WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2` so that they can be used by mingw.

This updates both the `deps/winhttp` framework (for classic mingw) and
adds the defines for mingw64, which does not use that framework.

The winhttp and posix http each need to add the user-agent to their
requests.  Standardize on a single function to include this so that we
do not get the version numbers we're sending out of sync.

Assemble the complete user agent in `git_http__user_agent`, returning
assembled strings.

Co-authored-by: Patrick Steinhardt <ps@pks.im>

When parsing unauthorized responses, properly parse headers looking for
both NTLM and Negotiate challenges.  Set the HTTP credentials to default
credentials (using a `NULL` username and password) with the schemes
supported by ourselves and the server.

Next to including several files, our "common.h" header also declares
various macros which are then used throughout the project. As such, we
have to make sure to always include this file first in all
implementation files. Otherwise, we might encounter problems or even
silent behavioural differences due to macros or defines not being
defined as they should be. So in fact, our header and implementation
files should make sure to always include "common.h" first.

This commit does so by establishing a common include pattern. Header
files inside of "src" will now always include "common.h" as its first
other file, separated by a newline from all the other includes to make
it stand out as special. There are two cases for the implementation
files. If they do have a matching header file, they will always include
this one first, leading to "common.h" being transitively included as
first file. If they do not have a matching header file, they instead
include "common.h" as first file themselves.

This fixes the outlined problems and will become our standard practice
for header and source files inside of the "src/" from now on.

The function `git_buf_try_grow` consistently calls `giterr_set_oom`
whenever growing the buffer fails due to insufficient memory being
available. So in fact, we do not have to do this ourselves when a call
to any buffer-growing function has failed due to an OOM situation. But
we still do so in two functions, which this patch cleans up.

Set up a WinHTTP status callback; inspect the WinHTTP status for
WINHTTP_CALLBACK_STATUS_SECURE_FAILURE, and convert the status code
to a useful message for callers.

For username/password credentials, support NTLM or Basic (in that order
of priority).  Use the WinHTTP built-in authentication support for both,
and maintain a bitfield of the supported mechanisms from the response.

Error messages should be sentence fragments, and therefore:

1. Should not begin with a capital letter,
2. Should not conclude with punctuation, and
3. Should not end a sentence and begin a new one

We leave this up to the scheme in the url field. The type should only
tell us about whether we want a proxy and whether we want to auto-detect
it.

The path is not something that you use for proxies, so make use of the
new optionality of the path when extracting URL parts.

If the caller has provided bad authentication, give them another
apportunity to get it right until they give up. This brings WinHTTP in
line with the other transports.

Standard Windows type systems define CLSID_InternetSecurityManager
and IID_IInternetSecurityManager, but MinGW lacks these definitions.
As a result, we must hardcode these definitions ourselves.  However,
we should not use a public struct with those names, lest another
library do the same thing and consumers cannot link to both.

We also keep the "git/1.0" prefix in order to maintain compatibility
with hosters.