Provide a callback for certificate validation

travis: run valgrind only once

Instead of running valgrind on each job, half of which are in release
mode and don't have much usable information for valgrind, perform an
debug build as part of allowed_failures and run valgrind on that one,
which should speed up the feedback we get from the builds.

Skip it before we attempt to clone, as we would exit with -1 on systems
which do not have sshd running.

This brings us back in line with the other transports.

The user may have the data hashed as MD5 or SHA-1, so we should provide
both types for consumption.

Instead of using the libssh2 defines, provide our own, which eases usage
as we do not need to check whether libgit2 was built with libssh2 or not.

Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.

Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.

This option make it easy to ignore anything about the server we're
connecting to, which is bad security practice. This was necessary as we
didn't use to expose detailed information about the certificate, but now
that we do, we should get rid of this.

If the user wants to ignore everything, they can still provide a
callback which ignores all the information passed.

This should make the mingw compiler happy.

If the user returns 0 from the certificate check and we had certificate issues, set the options to ignore certificate errors and resend the request.

We need to call WinHttpSendRequest() in three different places. Unify all in a single function to have a single place for the certificate check.

If we're not using SSL, don't call the user's certificate check callback.

On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.

Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.

We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.

We should let the user decide whether to cancel the connection or not
regardless of whether our checks have decided that the certificate is
fine. We provide our own assessment to the callback to let the user fall
back to our checks if they so desire.

Instead of the parsed data, we can ask OpenSSL to give us the
DER-encoded version of the certificate, which the user can then parse
and validate.

If the certificate validation fails (or always in the case of ssh),
let the user decide whether to allow the connection.

The data structure passed to the user is the native certificate
information from the underlying implementation, namely OpenSSL or
WinHTTP.

Fix typo

No files merged may result in bogus merge conflict error

Fix attribute lookup in index for bare repos

When using a bare repo with an index, libgit2 attempts to read
files from the index.  It caches those files based on the path
to the file, specifically the path to the directory that contains
the file.

If there is no working directory, we use `git_path_dirname_r` to
get the path to the containing directory.  However, for the
`.gitattributes` file in the root of the repository, this ends up
normalizing the containing path to `"."` instead of the empty
string and the lookup the `.gitattributes` data fails.

This adds a test of attribute lookups on bare repos and also
fixes the problem by simply rewriting `"."` to be `""`.

Add Rust to the language bindings list

When auto follow tags, FETCH_HEAD should list only newly followed tags

Passing 0 as the length of the paths to check to git_diff_index_to_workdir
results in all files being treated as conflicting, that is, all untracked or
modified files in the worktree is reported as conflicting

Added test case to illustrate bogus conflicts detected if no files were merged, and untracked files exist in the workdir.

signature: don't allow empty emails

A signature is made up of a non-empty name and a non-empty email so
let's validate that. This also brings us more in line with git, which
also rejects ident with an empty email.

Restrict which refs can be the default branch