Fix a typo [ci skip]

COPYING: include winhttp definition copyright

Include the copyright notice from the deps/winhttp/ sources.  Move the
LGPL to the bottom of the file (since multiple dependencies are LGPL
licensed) and include the actual copyright notices from the regex sources.

Include the 4 characters not recognised as hex-number in parse_len

transport: provide a way to get the callbacks

CMake: fall back to OpenSSL on older OS X

Starting at OS X 10.8, the Security framework offers some functions
which are unified across OS X and iOS. These are the functions that we
use.

Older versions of OS X do not have these functions and we fail to
compile. In these situations, fall back to using OpenSSL for our TLS
stream instead.

libgit2 implementations of smart subtransports can simply reach through
the structure, but external implementors cannot.

Add these two functions as a way for the smart subtransports to get the
callbacks as set by the user.

Fix build warning: implicit declaration of function ‘git_transaction_config_new’

Fix bug in git_smart__push: push_transfer_progress cb is only called at end

diff: don't error out on an invalid regex

http: propagate the credentials callback's error code

When parsing user-provided regex patterns for functions, we must not
fail to provide a diff just because a pattern is not well
formed. Ignore it instead.

When we ask for credentials, the user may choose to return EUSER to
indicate that an error has happened on its end and it wants to be given
back control.

We must therefore pass that back to the user instead of mentioning that
it was on_headers_complete() that returned an error code. Since we can,
we return the exact error code from the user (other than PASSTHROUGH)
since it doesn't cost anything, though using other error codes aren't
recommended.

curl: use the most secure auth method for the proxy

The conditional checked cbs->transfer_progress then used the value in cbs->push_transfer_progress. In both cases it should be push_transfer_progress

Locking and transactional/atomic updates for config

remote: don't confuse tag auto-follow rules with refspec matching

This makes the API for commiting or discarding changes the same as for
references.

This lock/unlock pair allows for the cller to lock a configuration file
to avoid concurrent operations.

It also allows for a transactional approach to updating a configuration
file. If multiple updates must be made atomically, they can be done
while the config is locked.

When a configuration file is locked, any updates made to it will be done
to the in-memory copy of the file. This allows for multiple updates to
happen while we hold the lock, preventing races during complex
config-file manipulation.

Instead of writing into the filebuf directly, make the functions to
write the modified config file write into a buffer which can then be
dumped into the lockfile for committing.

This allows us to re-use the same code for modifying a locked
configuration, as we can simply skip the last step of dumping the data
to disk.

Forcing libssh2 lib location in CMake

When we're looking to update a tag, we can't stop if the tag auto-follow
rules don't say to update it. The tag might still match the refspec we
were given.

While we download the remote's remote-tracking branches, we don't
download the tag. This points to the tag auto-follow rules interfering
with the refspec.

When curl uses a proxy, it will only use Basic unless we prompt it to
try to use the most secure on it has available.

This is something which git did recently, and it seems like a good idea.

OS X may have libssh2 in diff locations, so CHECK_LIBRARY_EXISTS may check the wrong lib; forcing it to use a found directory.

Fix duplicate basenames to support older VS on master

With Visual Studio versions 2008 and older they ignore the full path to files and only check
the basename of the file to find a collision. Additionally, having duplicate basenames can break
other build tools like GYP.

This fixes https://github.com/libgit2/libgit2/issues/3356

Error handling: use buffers, improved OOM handling

When an error state is an OOM, make sure that we treat is specially
and do not try to free it.

Allow restoring a previously captured oom error, by
detecting when the captured message pointer points to the
static oom error message.  This means there is no need
to strdup the message in giterr_detach.