We currently have an explicit callchain of all the initialization
callbacks in our `init_common` function. This is perfectly fine, but
requires us to manually keep track of how many shutdown callbacks there
may be installed: to avoid allocations before libgit2 is fully
initialized, we assume that every initializer may register at most one
shutdown function. These shutdown functions are stored in a static array
of size `MAX_SHUTDOWN_CB`, which then needs to be updated manually
whenever a new initializer function is being added.

The situation can be easily fixed: convert the callchain of init
functions into an array and iterate over it to initialize all
subsystems. This allows us to define the `git__shutdown_callbacks` array
with the same size as the initializer array and rids us of the need to
always update `MAX_SHUTDOWN_CB`.

The `git_hash_global_init` function is simply defined as a macro to zero
for most of the different hash implementations. This makes it impossible
to treat it like a function pointer, which is required for a later
commit where we want to improve the way global initialization works.
Fix the issue by converting all no-op macros to an inline function
returning zero.

There's a small gotcha here, though: as most hash implementations only
have a header file, but not a corresponding implementation file, we
cannot declare the function as non-static. But declaring it as `static
inline` fails, too, as there is a previous declaration as non-static. So
we have to move the function declaration after the include that brings
in the function definition, as it is allowed to have a non-static
declaration after a static definition, but not the other way round.

Allow merge analysis against any reference

revwalk: Allow changing hide_cb

Unused function warnings

Add builtin proxy support for the http transport

Reset the replay_count upon a successful connection.  It's possible that
we could encounter a situation where we connect successfully but need to
replay a request - for example, a connection and initial request
succeeds without authentication but a subsequent call does require
authentication.  Reset the replay count upon any successful request to
afford subsequent replays room to manuever.

Accept an enum (`git_stream_t`) during custom stream registration that
indicates whether the registration structure should be used for standard
(non-TLS) streams or TLS streams.

Temporarily disallow SSL connections to a proxy until we can understand
the valgrind warnings when tunneling OpenSSL over OpenSSL.

Only load the proxy configuration during connection; we need this data
when we're going to connect to the server, however we may mutate it
after connection (connecting through a CONNECT proxy means that we
should send requests like normal).  If we reload the proxy configuration
but do not actually reconnect (because we're in a keep-alive session)
then we will reload the proxy configuration that we should have mutated.

Thus, only load the proxy configuration when we know that we're going to
reconnect.

Update the new stream registration API to be `git_stream_register`
which takes a registration structure and a TLS boolean.  This allows
callers to register non-TLS streams as well as TLS streams.

Provide `git_stream_register_tls` that takes just the init callback for
backward compatibliity.

Don't allow servers to send us multiple Content-Type, Content-Length
or Location headers.

The `-Wdocumentation-deprecated-sync` option will warn when there is a
doxygen `\deprecated` tag but there is no corresponding deprecation
attribute on the function.  We want to encourage users to not use
particular APIs by marking them deprecated in the documentation without
necessarily raising a compiler warning by marking an item as deprecated.

For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints.  For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.

Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.

We previously used cURL to support HTTP proxies.  Now that we've added
this support natively, we can remove the curl dependency.

The implementations of git_openssl_stream_new and
git_mbedtls_stream_new have callers protected by #ifdefs and
are never called unless compiled in.  There's no need for a
dummy implementation.  Remove them.

Natively support HTTPS connections through proxies by speaking CONNECT
to the proxy and then adding a TLS connection on top of the socket.

Introduce `git_tls_stream_wrap` which will take an existing `stream`
with an already connected socket and begin speaking TLS on top of it.
This is useful if you've built a connection to a proxy server and you
wish to begin CONNECT over it to tunnel a TLS connection.

Also update the pluggable TLS stream layer so that it can accept a
registration structure that provides an `init` and `wrap` function,
instead of a single initialization function.

Rename credential callback to proxy_cred_cb to match new cert callback.

Give the proxy tests a proxy certificate callback, and allow self-signed
certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment
variable is set (to anything).  In that case, simply compare the hostname
from the callback to the hostname that we connected to.

Store the error message from the underlying TLS library before calling
the certificate callback.  If it refuses to act (demonstrated by
returning GIT_PASSTHROUGH) then restore the error message.  Otherwise,
if the callback does not set an error message, set a sensible default
that implicates the callback itself.

Refactor certificate checking so that it can easily be called for
proxies or the remote server.

Create a simple data structure that contains information about the
server being connected to, whether that's the actual remote endpoint
(git server) or an intermediate proxy.  This allows for organization of
streams, authentication state, etc.

Put a limit on the number of authentication replays in the HTTP
transport.  Standardize on 7 replays for authentication or redirects,
which matches the behavior of the WinHTTP transport.

Teach the HTTP transport how to prompt for proxy credentials.

Prepare credential handling to understand both git server and proxy
server authentication.

Factor credential handling into its own function.  Additionally, add
safety checks to ensure that we are in a valid state - that we have
received a valid challenge from the server and that we have
configuration to respond to that challenge.

The HTTP transport should understand how to apply proxies when
configured with `GIT_PROXY_SPECIFIED` and `GIT_PROXY_SPECIFIED`.
When a proxy is configured, the HTTP transport will now connect
to the proxy (instead of directly to the git server), and will
request the properly-formed URL of the git server endpoint.

Rename `http_subtransport->io` to `http_subtransport->gitserver_stream`
to clarify its use, especially as we might have additional streams (eg
for a proxy) in the future.

As we want to support HTTPS proxies, support an optional
`GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will
allow for HTTPS support.  (When unset, the tests default to HTTP
proxies.)

Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be
`GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an
actual URL.  (We cannot use a URL here since we may want to include the
username:password combination in the constructed URL.)

Rename the `connection_data` struct member to `gitserver_data`, to
disambiguate future `connection_data`s that apply to the proxy, not the
final server endpoint.

config: fix adding files if their parent directory is a file

Together with the warnings for unused warnings, we always had warnings
for unused constant variables disabled since commit 823c0e9c (Fix
broken logic for attr cache invalidation, 2014-04-17). As we have now
fixed all occurrences of such variables, we can safely enable those
warnings again.

The mailmap testdata header contains a set of static variable
definitions. As these variables aren't used in all places where they are
used, they trigger the unused-const-variable warnings. As we have
currently disabled those warnings explicitly, they are never triggered,
but we intend to enable them.

Avoid the issue by only keeping variable definitions that are actually
used in all locations. Move the others to where they are used.

The current map implementations directly include the "khash.h" headers
into their own headers to make available a set of static functions,
defines et cetera. Besides leaking the complete khash namespace into
files wherever khashes are used, this also triggers Clang's
-Wunused-function warnings when some of the static functions are not
being used at all.

Fix the issue by moving the includes into the respective map
implementation files. Add forward declares for all the map types to make
them known.

Instead of using the `khiter_t`, `git_strmap_iter` and `khint_t` types,
simply use `size_t` instead. This decouples code from the khash stuff
and makes it possible to move the khash includes into the implementation
files.

The current foreach map macros simply redirect to the type-indifferent
`kh_foreach` macro. As this type-indifferent macro directly accesses the
structures, the current implementation makes it impossible to make the
stuctures private to the implementation only. And making them private is
required to move out the khash include into the implementations to
decrease the namespace leak.