Set Host Header to match CONNECT authority target

Prior to this change, for CONNECT requests, the Host header was set to
the host and port of the target http proxy. However, per the rfc7230 for
HTTP/1.1 this is incorrect as the Host header should match the target of
the CONNECT request, as detailed in section 5.3.3 & 5.4.

  5.3.3.  authority-form

   The authority-form of request-target is only used for CONNECT
   requests (Section 4.3.6 of [RFC7231]).

     authority-form = authority

   When making a CONNECT request to establish a tunnel through one or
   more proxies, a client MUST send only the target URI's authority
   component (excluding any userinfo and its "@" delimiter) as the
   request-target.  For example,

     CONNECT www.example.com:80 HTTP/1.1

  5.4.  Host

   <snip>

   A client MUST send a Host header field in all HTTP/1.1 request
   messages.  If the target URI includes an authority component, then a
   client MUST send a field-value for Host that is identical to that
   authority component, excluding any userinfo subcomponent and its "@"
   delimiter (Section 2.7.1).  If the authority component is missing or
   undefined for the target URI, then a client MUST send a Host header
   field with an empty field-value.

This issue was noticed when proxying requests through HAProxy 2.2 which
rejects these invalid http requests.

Fixes from code analysis

buf: deprecate public git_buf writing functions

filter: filter drivers stop taking git_buf as user input

Introduce `create_commit_cb`, deprecate `signing_cb`

remote: introduce remote_ready_cb, deprecate resolve_url callback

opts: test GIT_OPT_SET_SSL_CERT_LOCATIONS

fixes #6003

Include a self-signed certificate for test.libgit2.org:1443 that we can
use to verify that GIT_OPT_SET_SSL_CERT_LOCATIONS works.

Checkout dry-run

midx: Introduce git_odb_write_multi_pack_index()

Use error code GIT_EAUTH for authentication failures

midx: Add a way to write multi-pack-index files

A `git_buf` is now a read-only structure as far as callers are
concerned.  This is a mechanism that we can return data to callers
using memory that is owned by the library and can be cleaned up by
callers (using `git_buf_dispose`).

A `git_buf` can no longer be allocated by callers or provided to the
library.

Using a callback to set a resolve_url is not particularly idiomatic.
Deprecate it in favor of the `set_instance_url` and
`set_instance_pushurl` functions which can now be called from the
`git_remote_ready_cb` callback.

Introduce a new callback that fires when the remote is ready to connect.

The signing callback should not be used; instead, callers should provide
a commit_create_cb, perform the signing and commit creation themselves.

Introduce a new mechanism for `git_rebase_commit` for callers to
customize the experience.  Instead of assuming that we produce the
commit for them, provide a commit creation callback that allows callers
to produce the commit themselves and return the resulting commit id.

WIP: .devcontainer: settings for a codespace workflow

CMake. hash sha1 header has been added.

Co-authored-by: Edward Thomson <ethomson@github.com>