Don't search iconv in /opt/local

Since OpenSSL isn't used any more on OS X, there is no dependency
on any MacPorts library under /opt/local and there is no danger of
conflicts between MacPorts and system iconv. For this reason the
system iconv can always be used now.

[WIP/RFC] push: report the update plan to the caller

Fix some build warnings

Update documentation for API changes

Fixed unused warning in tests/rebase/merge.c

Do not call regfree() on an empty regex that is not successfully created...

(also removed an unused member "has_regex" from all_iter)

In checkout.c and filter.c we were casting a sub struct
to a parent struct which breaks the strict aliasing rules
in C. However we can use .parent or .base to access the
parent struct to avoid the build warnings.

In remote.c the local variable error was not initialized
or updated in some cases. For unintialized error a build
warning will be generated. So always keep error variable
up-to-date.

Fix wrong format string in git_reflog_drop() error message

Validate configuration keys

Use SecureTransport on OS X

On close, we might get a return code which looks like an error but just
means that the other side closed gracefully. Handle that.

Anything SSL is deprecated. Let's make sure we don't try to use SSL v3
when talking to the server.

Do not automatically fail on a bad certificate, but let the caller
decide. This means we don't need our switch on errors anymore but can
return a string representation from the security framework.

This is what it's meant all along, but now we actually have multiple
implementations, it's clearer to use the name of the library.

Instead, provide git_tls_stream_new() to ask for the most appropriate
encrypted stream and use it in our HTTP transport.

As an alternative to OpenSSL when we're on OS X. This one can actually
take advantage of stacking the streams.

config_write -- handle duplicate section headers when deleting entries

Closes #2966.

Fix git_checkout_tree() to do index filemodes correctly on Windows.

Fix for Issue #3023 tests fail with no network

Moved offending tests from network to online so they will get skipped
when there is a lack of network connectivity:
-test_online_remotes__single_branch
-test_online_remotes__restricted_refspecs

Attempt to fix Windows TLS memory leak.

If git_config_delete is to work properly in the presence of duplicate section
headers, it cannot stop searching at the end of the first matching section, as
there may be another matching section later.
When config_write is used for deletion (value = NULL), it may only terminate
when the desired key is found or there are no sections left to parse.

Instead of using a config file in resources, include the config file content to
be tested directly in the test.

Add a unittest to validate bug #3043, where a duplicate empty config header
could cause deletion of a config entry to fail silently. The bug is currently
unresolved and this test will fail.

Rebase fixes

Handle invalid multiline configuration