Backports for the maint branch

Additional backports

In case of a bad url or other error during the connection setup, we
close the stream via free.

Otherwise, bailing out early when ls_to_vector() fails accesses
uninitialized memory.

Since the Linux platform has a case sensitive file system, the header name should be lower case for cross compiling purposes. (On Linux, the mingw header is called ```windows.h```).

When the user has a certificate check callback set, we still have to
check whether the stream we're using is even capable of providing a
certificate.

In the case of an unencrypted certificate, do not ask for it from the
stream, and do not call the callback.

While this is not even close to a fix, we can at least set an error
message so we know which error we are facing. Up to know we just
returned an error without a message.

This was but down to 5 when GitHub made a change to their server which
made them stop honouring the include-tag request.

This has recently been corrected, so we can bring it back up to six.

The user may decide to return any type of credential, including ones we
did not say we support. Add a check to make sure the user returned an
object of the right type and error out if not.

We want to ignore GIT_ENOTFOUND, but for that we need to capture the
error code from the reflog deletion.

If OpenSSL is disabled on Mac the SHA1 implementation goes
to the CommonCrypto from the system. In this case we should
not include the generic hash impl. Otherwise there would be
duplicated impls which fail the build.

Increment refcount of newly added cache entries just like existing
entries looked up from the cache. Otherwise the new entry can be
evicted from the cache and destroyed while it's still in use.

Fixes #2869. If included file includes more files, it may reallocate
cfg_file->readers, hence invalidate not only `r` pointer, but `result`
pointer as well.

Don't try to strip trailing paths from the root directory on
Windows (trying to create `C:` will fail).

`p_stat` calls `git_win32_path_from_utf8`, which canonicalizes the
path.  Do not further try to modify the path, else we trim the
trailing slash from a root directory and try to access `C:` instead
of `C:/`.

Test to ensure that we can create a repository at the filesystem
root.  Introduces a new test environment variable,
`GITTEST_INVASIVE_FILESYSTEM` for tests that do terrible things like
escaping the clar sandbox and writing to the root directory.  It is
expected that the CI builds will enable this but that normal people
would not want this.

Follow-up to 4f91bfa3 ("Find libssh2 via pkg-config"): FindPkgConfig sets
<foo>_INCLUDE_DIRS, not <foo>_INCLUDE_DIR like FindLIBSSH2 did.

Additionally, if using only FindPkgConfig to find libssh2, we have to
call LINK_DIRECTORIES() as well to pass the appropriate -L entries,
otherwise the build will only work if libssh2.so is in a directory
searched automatically by the linker.

This fixes the build at least on FreeBSD, where those types were not
defined indirectly:

src/openssl_stream.c:100:18: error: variable has incomplete type 'struct in6_addr'
        struct in6_addr addr6;
                        ^
src/openssl_stream.c:100:9: note: forward declaration of 'struct in6_addr'
        struct in6_addr addr6;
               ^
src/openssl_stream.c:111:18: error: use of undeclared identifier 'AF_INET'
        if (p_inet_pton(AF_INET, host, &addr4)) {
                        ^
src/unix/posix.h:31:40: note: expanded from macro 'p_inet_pton'
                                       ^
src/openssl_stream.c:115:18: error: use of undeclared identifier 'AF_INET6'
                if(p_inet_pton(AF_INET6, host, &addr6)) {
                               ^
src/unix/posix.h:31:40: note: expanded from macro 'p_inet_pton'
                                       ^

It was missing "common.h" and "types.h" like other system headers.
This generated compilation errors if including it directly.

Main change: Don't treat chars > 128 as non-printable (common in UTF-8 files)

Signed-off-by: Sven Strickroth <email@cs-ware.de>

Fix build on mingw

It's currently required in src/openssl_stream.c only.

Windows headers #define some names that openssl uses too. Openssl
headers #undef the offending names before reusing them. But if those
offending Windows headers get included after the openssl headers the
namespace is polluted and nothing good happens.

Fixes issue #2850.

pathspec_match_free() should not dereference a NULL passed to it.

I found this issue when I tried to run example log program with
nonexistent branch:

./example/log help

Such call leads to segmentation fault.