The variables `git_config_escaped` and `git_config_escapes` are both
defined as static const character pointers in "config_parse.h". In case
where "config_parse.h" is included but those two variables are not being
used, the compiler will thus complain about defined but unused
variables. Fix this by declaring them as external and moving the actual
initialization to the C file.

Note that it is not possible to simply make this a #define, as we are
indexing into those arrays.

When populating the list of submodule names, we use the submodule
configuration entry's name as the key in the map of submodule names.
This creates a hidden dependency on the liveliness of the configuration
that was used to parse the submodule, which is fragile and unexpected.

Fix the issue by duplicating the string before writing it into the
submodule name map.

Rename "VSTS" to "Azure DevOps" and "Azure Pipelines"

cmake: enable -Wformat and -Wformat-security

Visual Studio Team Services is now a family of applications named "Azure
DevOps".  Update the README to refer to it thusly.

VSTS is now a family of components; "Azure Pipelines" is the build and
release pipeline application.

Fix revwalk limiting regression

path validation: `char` is not signed by default.

revwalk: refer the sorting modes more to git's options

Show more directly what the sorting modes correspond to in git's `rev-list` as
that's the reference implementation for what the possible sorting orders are.

We do not currently have any warnings in this regard, but it's good practice to
have them on in case we introduce something.

This is not a big deal, but it does make us match git more closely by checking
only the first. The lists are sorted already, so there should be no functional
difference other than removing a possible check from every iteration in the
loop.

When porting, we overlooked that the difference between git's and our's time
representation and copied their way of getting the max value.

Unfortunately git was using unsigned integers, so `~0ll` does correspond to
their max value, whereas for us it corresponds to `-1`. This means that we
always consider the last date to be smaller than the current commit's and always
think commits are interesting.

Change the initial value to the macro that gives us the maximum value on each
platform so we can accurately consider commits interesting or not.

ARM treats its `char` type as `unsigned type` by default; as a result,
testing a `char` value as being `< 0` is always false.  This is a
warning on ARM, which is promoted to an error given our use of
`-Werror`.

Per ISO 9899:199, section "6.2.5 Types":

> The three types char, signed char, and unsigned char are collectively
> called the character types. The implementation shall define char to
> have the same range, representation, and behavior as either signed
> char or unsigned char.
>
...

> Irrespective of the choice made, char is a separate type from the other
> two and is not compatible with either.

Clar XML output redux

Instead of trying to have a clever iterator pattern that increments the
error number, just iterate over errors in the report errors or report
all functions as it's easier to reason about in this fashion.

remote: store the connection data in a private struct

This makes it easier to pass connection-related options around (proxy &
custom headers for now).

This fixes a bug in git_push_finish, which didn't reuse the provided
proxy if the connection closed between the call to `git_remote_push` and
the finish step.

docs: clarify and include licenses of dependencies

config_file: fix quadratic behaviour when adding config multivars

In case where we add multiple configuration entries with the same key to
a diskfile backend, we always need to iterate the list of this key to
find the last entry due to the list being a singly-linked list. This
is obviously quadratic behaviour, and this has sure enough been found by
oss-fuzz by generating a configuration file with 50k lines, where most
of them have the same key. While the issue will not arise with "sane"
configuration files, an adversary may trigger it by providing a crafted
".gitmodules" file, which is delivered as part of the repo and also
parsed by the configuration parser.

The fix is trivial: store a pointer to the last entry of the list in its
head. As there are only two locations now where we append to this data
structure, mainting this pointer is trivial, too. We can also optimize
retrieval of a single value via `config_get`, where we previously had to
chase the `next` pointer to find the last entry that was added.

Using our configuration file fozzur with a corpus that has a single file
with 50000 "-=" lines previously took around 21s. With this optimization
the same file scans in about 0.053s, which is a nearly 400-fold
improvement. But in most cases with a "normal" amount of same-named keys
it's not going to matter anyway.

Windows lacks %F and %T formats for strftime.  Expand them to the
year/month/day and hour/minute/second formats, respectively.

Our build YAML is becoming unweildly and full of copy-pasta.  Simplify
with templates.

Explicitly run from the build directory, not the source.  (I was
mistaken about the default working directory for VSTS agents.)

CMake treats backslashes as escape characters; use forward slashes for
the XML output path.

Remove the global summary filename and file pointer; pass them in to the
summary functions as needed.  Error check the results of buffered I/O
calls.

Introduce a CLAR_XML option, to run the `ctest` commands with the new
`-r` flag to clar.  Permitted values are `OFF`, `ON` and a directory to
write the XML test results to.

Accept an (optional) value for the summary filename.  Continues to
default to summary.xml.

This makes it possible to keep track of every test status (even
successful ones), and their errors, if any.

Previously, supplying `-s` to explicitly enable some test(s) would run
the tests immediately from the argument parser.  This forces us to set
up the entire clar environment (for example: sandboxing) before argument
parsing takes place.

Refactor the behavior of `-s` to add the explicitly chosen tests to a
list that is executed later.  This untangles the argument parsing from
the setup lifecycle, allowing us to use the arguments to perform the
setup.

config: Fix a leak parsing multi-line config entries

Prevent heap-buffer-overflow

When running repack while doing repo writes, `packfile_load__cb()` can see some temporary files in the directory that are bigger than the usual, and makes `memcmp` overflow on the `p->pack_name` string. ASAN detected this. This just uses `strncmp`, that should not have any performance impact and is safe for comparing strings of different sizes.

```
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61200001a3f3 at pc 0x7f4a9e1976ec bp 0x7ffc1f80e100 sp 0x7ffc1f80d8b0
READ of size 89 at 0x61200001a3f3 thread T0
SCARINESS: 26 (multi-byte-read-heap-buffer-overflow)
    #0 0x7f4a9e1976eb in __interceptor_memcmp.part.78 (/build/cfgr-admin#link-tree/libtools_build_sanitizers_asan-ubsan-py.so+0xcf6eb)
    #1 0x7f4a518c5431 in packfile_load__cb /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:213
    #2 0x7f4a518d9582 in git_path_direach /build/libgit2/0.27.0/src/libgit2-0.27.0/src/path.c:1134
    #3 0x7f4a518c58ad in pack_backend__refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb_pack.c:347
    #4 0x7f4a518c1b12 in git_odb_refresh /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1511
    #5 0x7f4a518bff5f in git_odb__freshen /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:752
    #6 0x7f4a518c17d4 in git_odb_stream_finalize_write /build/libgit2/0.27.0/src/libgit2-0.27.0/src/odb.c:1415
    #7 0x7f4a51b9d015 in Repository_write /build/pygit2/0.27.0/src/pygit2-0.27.0/src/repository.c:509
```

ci: remove travis