While no extra header fields are defined for tags, git accepts them by
ignoring them and continuing the search for the message. There are a few
tags like this in the wild which git parses just fine, so we should do
the same.

⚡ some warnings

Proxy configuration

We were downloading the jar from within an block which only runs for
MSVC. Move the download to the start of the test so it gets downloaded
for both.

Improve star-star matching

Instead of threading the state down to the larger loop, let's have the
loop where we detect the double star so each of them are easier to read.

In order to match the star-star, we disable the flag that's looking for
a single path element, but that leads to searching for the pattern in
the middle of elements in the input string.

Mark when we're handing a star-star so we jump over the elements in our
attempt to match the part of the pattern that comes after the star-star.

While here, tighten up the check so we don't allow invalid rules
through.

Running clar directly on appveyor makes it think the command returned
failure, so it stops the tests. Running it via ctest lets it go through.

We leave this up to the scheme in the url field. The type should only
tell us about whether we want a proxy and whether we want to auto-detect
it.

It takes a bit for the propxy to get ready to accept connections, so
start it before the build so we can be reasonably sure that it's going
to be ready in time.

I don't quite recall what we do in the other places where we use this,
but we should pass this payload to the callbacks.

The path is not something that you use for proxies, so make use of the
new optionality of the path when extracting URL parts.

When we're dealing with proxy addresses, we only want a hostname and
port, and the user would not provide a path, so make it optional so we
can use this same function to parse git as well as proxy URLs.

It is currently unused; it will go into the remote's options.

Add missing ')' to callbacks documentation

Super minor, but it was bugging me.

There was a missing closing paren in the docs.

tests: skip the unreadable file tests as root

When running as root, skip the unreadable file tests, because, well,
they're probably _not_ unreadable to root unless you've got some
crazy NSA clearance-level honoring operating system shit going on.

refs: provide a more general error message for dwim

Strict object creation in `refs::create`

When we turned strict object creation validation on by default, we
forgot to inform the refs::create tests of this.  They, in fact,
believed that strict object creation was off by default.  As a result,
their cleanup function went and turned strict object creation off for
the remaining tests.

This lets us run with strict object creation on.

If we cannot dwim the input, set the error message to be explicit about
that. Otherwise we leave the error for the last failed lookup, which
can be rather unexpected as it mentions a remote when the user thought
they were trying to look up a branch.

tests: fix core/stream test when built with openssl off

When passing -DUSE_OPENSSL:BOOL=OFF to cmake the testsuite will
fail with the following error:

core::stream::register_tls [/tmp/libgit2/tests/core/stream.c:40]
  Function call failed: (error)
  error -1 - <no message>

Fix test to assume failure for tls when built without openssl.
While at it also fix GIT_WIN32 cpp to check if it's defined
or not.

Remove Makefile.embed

This has not been a supported build mode for quite some time, and it
correspondingly hasn't worked to build the library for a long time. Get
rid of it, as the only build mode we support is though CMakek.

iterator/diff: allow trailing `/` on start/end paths to match submodules

ignore: don't use realpath to canonicalize path