Unlike ignore files, gitattribute files can have flexible whitespace at
the beginning of the line.  Ensure that by adding new ignore rules that
we have not impeded correct parsing of attribute files.

When `allow_space` is unset, ensure that leading whitespace is not
skipped.

Comments must have a '#' at the beginning of the line.  For
compatibility with git, '#' after a whitespace is a literal part of the
filename.

Ensure that leading whitespace is treated as being part of the filename,
eg ` foo` in an ignore file indicates that a file literally named ` foo`
is ignored.

cache: fix cache eviction using deallocated key

SECURITY.md: split out security-relevant bits from readme

When evicting cache entries, we first retrieve the object that is
to be evicted, delete the object and then finally delete the key
from the cache. In case where the cache eviction caused us to
free the cached object, though, its key will point to invalid
memory now when trying to remove it from the cache map. On my
system, this causes us to not properly remove the key from the
map, as its memory has been overwritten already and thus the key
lookup it will fail and we cannot delete it.

Fix this by only decrementing the refcount of the evictee after
we have removed it from our cache map. Add a test that caused a
segfault previous to that change.

Restore NetBSD support

See: https://www.netbsd.org/changes/changes-7.0.html

GitHub has recently introduced a new set of tools that aims to
ease the process around vulnerability reports and security fixes.
Part of those tools is a new security tab for projects that will
display contents from a new SECURITY.md file.

Move relevant parts from README.md to this new file to make use
of this feature.

repository: fix garbage return value

error was never initialized and a garbage value returned on success.

cmake: disable fallthrough warnings for PCRE

Our PCRE dependency has uncommented fallthroughs in switch statements.
Turn off warnings for those in the PCRE code.

Configuration parsing: validate section headers with quotes

The `parse_section_header_ext` name suggests that it as an extended
function for parsing the section header.  It is not.  Rename it to
`parse_subsection_header` to better reflect its true mission.

When we reach a whitespace after a section name, we assume that what
will follow will be a quoted subsection name.  Pass the current position
of the line being parsed to the subsection parser, so that it can
validate that subsequent characters are additional whitespace or a
single quote.

Previously we would begin parsing after the section name, looking for
the first quotation mark.  This allows invalid characters to embed
themselves between the end of the section name and the first quotation
mark, eg `[section foo "subsection"]`, which is illegal.

When we don't specify a particular column, don't write it in the error
message.  (column "0" is unhelpful.)

Update the configuration parsing error messages to be lower-cased for
consistency with the rest of the library.

Loosen restriction on wildcard "*" refspecs

Use PCRE for our fallback regex engine when regcomp_l is unavailable

Remote URL last-chance resolution

Explicitly enable the `builtin` regex backend and the PCRE backend for
some Linux builds.

Since libssh2 doesn't read host configuration from the config file,
this callback can be used to hand over URL resolving to the client
without touching the SSH implementation itself.

This avoids any misunderstanding with the REGEX keyword in cmake.

Skip UTF8 BOM in ignore files

We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library

We've already added `ZLIB_LIBRARIES` to `LIBGIT2_LIBS` so don't also add the `z` library (libgit2/#5079).

Define SYMBOLIC_LINK_FLAG_DIRECTORY if required

Ensure that we can read and parse an ignore file with a UTF8 BOM.

Use PCRE2 and its POSIX compatibility layer if requested by the user.
Although PCRE2 is adequate for our needs, the PCRE2 POSIX layer as
installed on Debian and Ubuntu systems is broken, so we do not opt-in to
it by default to avoid breaking users on those platforms.

Attempt to locate a system-installed version of PCRE and use its POSIX
compatibility layer, if possible.

Users can now select which regex implementation they want to use: one of
the system `regcomp_l`, the system PCRE, the builtin PCRE or the
system's `regcomp`.

By default the system `regcomp_l` will be used if it exists, otherwise
the system PCRE will be used.  If neither of those exist, then the
builtin PCRE implementation will be used.

The system's `regcomp` is not used by default due to problems with
locales.