ci: remove appveyor

diff: fix OOM on AIX when finding similar deltas in empty diff

The function `git_diff_find_similar` keeps a function of cache
similarity metrics signatures, whose size depends on the number of
deltas passed in via the `diff` parameter. In case where the diff is
empty and thus doesn't have any deltas at all, we may end up allocating
this cache via a call to `git__calloc(0, sizeof(void *))`. At least on
AIX, allocating 0 bytes will result in a `NULL` pointer being returned,
which causes us to erroneously return an OOM error.

Fix this situation by simply returning early in case where we are being
passed an empty diff, as we cannot find any similarities in that case
anyway.

travis: do not execute Coverity analysis for all cron jobs

ci: enable compilation with "-Werror"

smart_pkt: fix potential OOB-read when processing ng packet

During the conversion of our CI scripts in bf418f09 (ci: refactor unix
ci build/test scripts, 2018-07-14), we accidentally dropped the
"-DENABLE_WERROR=ON" switch in our cmake invocation. Re-add it to help
us catch compiler warnings early.

The `git_odb_stream` members `declared_size` and `received_bytes` are
both of the type `git_off_t`, which we usually defined to be a 64 bit
signed integer. Thus, passing these members to "PRIdZ" formatters is not
correct, as they are not guaranteed to accept big enough numbers.
Instead, use the "PRId64" formatter, which is able to represent 64 bit
signed integers.

Fix a double-free in config parsing

The new Travis cron job gets executed daily, but our current
configuration will cause each job to execute our Coverity script instead
of the default build and testing scripts. This cannot work, as Coverity
is heavily rate-limiting its API, so our cron builds are doomed to
always fail. What we want to do instead is execute our normal builds,
but add an additional Coverity jobs.

This can easily be done by adding another Coverity-specific job with a
conditional "type = cron", which sets the "COVERITY" environment
variable. Instead of checking the build type, we then simply check
whether "COVERITY" is set or not.

Fuzzers

When using VSTS-based builds, we are in a different location than when
doing Travis builds. Due to this, the relative path to our fuzzer
corpora does not work on VSTS. Fix it by using `${SOURCE_DIR}` instead.

By default, libgit2 allows up to 2^32 objects when downloading a
packfile from a remote. For each of these objects, libgit2 will allocate
up to two small structs, which in total adds up to quite a lot of
memory. As a result, our fuzzers might run out of memory rather quick in
case where they receive as input a packfile with such a huge count of
objects.

Limit the packfile object count to 10M objects. This is sufficiently big
to still work with most largish repos (linux.git has around 6M objects
as of now), but small enough to not cause the fuzzer to OOM.

Convert the "download_refs" fuzzer from C++ to C. Rename the source file
to have it be picked up by our build system.

This is a direct copy of the code from google/oss-fuzz, written by
Nelson Elhage (@nelhage). Note that due to the ".cc" ending, the file
will not yet be picked up by the build system. This is intended, as
currently that file is partly written in C++, requiring a conversion to
C.

The packfile_raw fuzzer is using some internal APIs from libgit2, which
makes it hard to compile it as part of the oss-fuzz project. As oss-fuzz
requires us to link against the C++ FuzzingEngine library, we cannot use
"-DBUILD_FUZZERS=ON" directly but instead have to first compile an
object from our fuzzers and then link against the C++ library. Compiling
the fuzzer objects thus requires an external invocation of CC, and we
certainly don't want to do further black magic by adding libgit2's
private source directory to the header include path.

To fix the issue, convert the code to not use any internal APIs. Besides
some headers which we have to add now, this also requires us to change
to the hashing function of the ODB. Note that this will change the
hashing result, as we have previously not prepended the object header to
the data that is to be hashed. But this shouldn't matter in practice, as
we don't care for the hash value anyway.

Both the USE_SANITIZER and USE_COVERAGE options are convenience options
that turn on a set of CFLAGS. Despite our own set of CFLAGS required to
build libgit2, we have no real business to mess with them, though, as
they can easily be passed in by the user via specifying the CFLAGS
environment variable. The reasoning behind not providing them is that as
soon as we start adding those for some usecases, users might ask for
other sets of CFLAGS catering to their specific need in another usecase.
Thus, we do not want to support them here.

Right now, users are being instrucded to add the
"-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=fuzzer" flag when they want to
build our fuzzers. This is error-prone and user unfriendly. Instead,
just add the flag to our fuzzers' build instructions so that it happens
automatically. Adjust the README accordingly.

We do want to notify users compiling our source code early on if they
try to use C flags which aren't supported. Add a new macro `AddCFlag`,
which results in a fatal error in case the flag is not supported, and
use it for our fuzzing flags.

Like all our other internal code, we want to force the use of C90 for
our fuzzers. Do so by setting the "C_STANDARD" property of our fuzzing
targets.

Our layout uses names like "examples" or "tests" which is why the "fuzz"
directory doesn't really fit in here. Rename the directory to be called
"fuzzers" instead. Furthermore, we rename the fuzzer "fuzz_packfile_raw"
to "packfile_raw_fuzzer", which is also in line with the already
existing fuzzer at google/oss-fuzz.

While at it, rename the "packfile_raw" fuzzer to instead just be called
"packfile" fuzzer.

This change adds support for building a fuzz target for exercising the
packfile parser, as well as documentation. It also runs the fuzzers in
Travis to avoid regressions.

ci: run VSTS builds on master and maint branches

Windows: default credentials / fallback credential handling

ci: add VSTS build badge to README

ci: set PKG_CONFIG_PATH for travis

Homebrew's formula for openssl is "keg-only", which means it does not
install it into /usr/local.  On macOS builds, we need to set
PKG_CONFIG_PATH to include it.

CI: Refactor and introduce VSTS builds

revwalk: remove tautologic condition for hiding a commit

Instead of trying to run coverity builds during the regular PR process,
run them during a regularly scheduled cron process.  These only need to
run nightly, so it makes sense to bring them out of the PR process.