The Windows-specific crtdbg allocator is currently mixed into the
crtdbg stacktracing compilation unit, making it harder to find
than necessary. Extract it and move it into the new "allocators/"
subdirectory to improve discoverability.

This change means that the crtdbg compilation unit is now
compiled unconditionally, whereas it has previously only been
compiled on Windows platforms. Thus we now have additional guards
around the code so that it will only be compiled if
GIT_MSVC_CRTDBG is defined. This also allows us to move over the
fallback-implementation of `git_win32_crtdbg_init_allocator` into
the same compilation unit.

Right now, our two allocator implementations are scattered around
the tree in "stdalloc.h" and "win32/w32_crtdbg_stacktrace.h".
Start grouping them together in a single directory "allocators/",
similar to how e.g. our streams are organized.

Remove public 'inttypes.h' header

Remove an `inttypes.h` header that is too large in scope, and far too
public.

For Visual Studio 2012 and earlier (ie, `_MSC_VER < 1800`), we do need
to include `stdint.h` in our public headers, for types like `uint32_t`.

Internally, we also need to define `PRId64` as a printf formatting
string when it is not available.

Prevent reading out of bounds memory

Previously, we would fail to correctly truncate the source buffer
if the source has more than one line and ends with a non-newline
character. In the following call, we thus truncate the source
string in the middle of the second line. Without the bug fixed,
we would successfully apply the patch to the source and return
success. With the overflow being fixed, we should return an
error now.

When parsing the patch image from a string, we split the string
by newlines to get a line-based view of it. To split, we use
`memchr` on the buffer and limit the buffer length by the
original length provided by the caller. This works just fine for
the first line, but for every subsequent line we need to actually
subtract the amount of bytes that we have already read.

The above issue can be easily triggered by having a source buffer
with at least two lines, where the second line does _not_ end in
a newline. Given a string "foo\nb", we have an original length of
five bytes. After having extracted the first line, we will point
to 'b' and again try to `memchr(p, '\n', 5)`, resulting in an
out-of-bounds read of four bytes.

Fix the issue by correctly subtracting the amount of bytes
already read.

Fix a memory leak in odb_otype_fast()

This change frees a copy of a cached object in odb_otype_fast().

Make stdalloc__reallocarray call stdalloc__realloc

Remove `git_time_monotonic`

Fix a _very_ improbable memory leak in git_odb_new()

`git_time_monotonic` was added so that non-native bindings like rugged
could get high-resolution timing for benchmarking.  However, this is
outside the scope of libgit2 *and* rugged decided not to use this
function in the first place.

Google suggests that absolutely _nobody_ is using this function and we
don't want to be in the benchmarking business.  Remove the function.

ci: publish documentation on merge

When a commit is pushed or merged into one of the release branches
(master, maint/*) then push the documentation update to gh-pages.

This reverts commit 2a4e866a.

When a continuous integration build runs (ie a commit is pushed or
merged into one of the CI branches, `master` or `maint/*`) then push the
rebuilt documentation into the `gh-pages` branch.

This change fixes a mostly theoretical memory leak in got_odb_new()
that can only manifest if git_cache_init() fails due to running out of
memory or not being able to acquire its lock.

This change avoids calling realloc(3) in more than one place.

Enable creation of worktree from bare repo's default branch

Allow bypassing check for '.keep' file

Deprecation: export the deprecated functions properly

In a bare repository, HEAD usually points to the branch that is
considered the "default" branch. As the current implementation for
`git_branch_is_checked_out` only does a comparison of HEAD with the
branch that is to be checked, it will say that the branch pointed to by
HEAD in such a bare repo is checked out.

Fix this by skipping the main repo's HEAD when it is bare.

Right now, the function `git_repository_foreach_head` will always
iterate over all HEADs of the main repository and its worktrees. In some
cases, it might be required to skip either of those, though. Add a flag
in preparation for the following commit that enables this behaviour.

Libraries should use assert(3P) only very scarcely. First, we usually
shouldn't cause the caller of our library to abort in case where the
assert fails. Second, if code is compiled with -DNDEBUG, then the assert
will not be included at all.

In our `git_branch_is_checked_out` function, we have an assert that
verifies that the given reference parameter is non-NULL and in fact a
branch. While the first check is fine, the second is not. E.g. when
compiled with -DNDEBUG, we'd proceed and treat the given reference as a
branch in all cases.

Fix the issue by instead treating a non-branch reference as not being
checked out. This is the obvious solution, as references other than
branches cannot be directly checked out.

We currently do not have any tests at all for the
`git_branch_is_checked_out` function. Add some basic ones.

When adding a new worktree, we only verify that an optionally given
reference is valid half-way through the function. At this point, some
data structures have already been created on-disk. If we bail out due to
an invalid reference, these will be left behind and need to be manually
cleaned up by the user.

Improve the situation by moving the reference checks to the function's
preamble. Like this, we error out as early as possible and will not
leave behind any files.

Enable hard deprecation in our builds to ensure that we do not call
deprecated functions internally.

Add a CMake option to enable hard deprecation; the resultant library
will _not_ include any deprecated functions.  This may be useful for
internal CI builds that create libraries that are not shared with
end-users to ensure that we do not use deprecated bits internally.

Although the error functions were deprecated, we did not properly mark
them as deprecated.  We need to include the `deprecated.h` file in order
to ensure that the functions get their export attributes.

Similarly, do not define `GIT_DEPRECATE_HARD` within the library, or
those functions will also not get their export attributes.  Define that
only on the tests and examples.

ci: skip ssh tests on macOS nightly

Like 811c1c0f, disable the SSH tests on
macOS until we can resolve the newly introduced infrastructure issues.

CI build fixups

SSH tests on macOS have begun failing for an unknown reason after an
infrastructure upgrade to macOS 10.13.6.  Disable those tests
temporarily, until we can resolve it.

Subtle changes in the host OS can have impacts in the CI system that
may be hard to debug.  We previously showed the results of `uname` which
can be difficult to interpret.  Provide more information where
available.

The URL was incorrect for the nightly badge image; it was erroneously
showing the master branch continuous integration build badge.

Include a build badge for `maint/v0.28` builds.