Fuzzers

When using VSTS-based builds, we are in a different location than when
doing Travis builds. Due to this, the relative path to our fuzzer
corpora does not work on VSTS. Fix it by using `${SOURCE_DIR}` instead.

By default, libgit2 allows up to 2^32 objects when downloading a
packfile from a remote. For each of these objects, libgit2 will allocate
up to two small structs, which in total adds up to quite a lot of
memory. As a result, our fuzzers might run out of memory rather quick in
case where they receive as input a packfile with such a huge count of
objects.

Limit the packfile object count to 10M objects. This is sufficiently big
to still work with most largish repos (linux.git has around 6M objects
as of now), but small enough to not cause the fuzzer to OOM.

Convert the "download_refs" fuzzer from C++ to C. Rename the source file
to have it be picked up by our build system.

This is a direct copy of the code from google/oss-fuzz, written by
Nelson Elhage (@nelhage). Note that due to the ".cc" ending, the file
will not yet be picked up by the build system. This is intended, as
currently that file is partly written in C++, requiring a conversion to
C.

The packfile_raw fuzzer is using some internal APIs from libgit2, which
makes it hard to compile it as part of the oss-fuzz project. As oss-fuzz
requires us to link against the C++ FuzzingEngine library, we cannot use
"-DBUILD_FUZZERS=ON" directly but instead have to first compile an
object from our fuzzers and then link against the C++ library. Compiling
the fuzzer objects thus requires an external invocation of CC, and we
certainly don't want to do further black magic by adding libgit2's
private source directory to the header include path.

To fix the issue, convert the code to not use any internal APIs. Besides
some headers which we have to add now, this also requires us to change
to the hashing function of the ODB. Note that this will change the
hashing result, as we have previously not prepended the object header to
the data that is to be hashed. But this shouldn't matter in practice, as
we don't care for the hash value anyway.

Both the USE_SANITIZER and USE_COVERAGE options are convenience options
that turn on a set of CFLAGS. Despite our own set of CFLAGS required to
build libgit2, we have no real business to mess with them, though, as
they can easily be passed in by the user via specifying the CFLAGS
environment variable. The reasoning behind not providing them is that as
soon as we start adding those for some usecases, users might ask for
other sets of CFLAGS catering to their specific need in another usecase.
Thus, we do not want to support them here.

Right now, users are being instrucded to add the
"-DCMAKE_EXE_LINKER_FLAGS=-fsanitize=fuzzer" flag when they want to
build our fuzzers. This is error-prone and user unfriendly. Instead,
just add the flag to our fuzzers' build instructions so that it happens
automatically. Adjust the README accordingly.

We do want to notify users compiling our source code early on if they
try to use C flags which aren't supported. Add a new macro `AddCFlag`,
which results in a fatal error in case the flag is not supported, and
use it for our fuzzing flags.

Like all our other internal code, we want to force the use of C90 for
our fuzzers. Do so by setting the "C_STANDARD" property of our fuzzing
targets.

Our layout uses names like "examples" or "tests" which is why the "fuzz"
directory doesn't really fit in here. Rename the directory to be called
"fuzzers" instead. Furthermore, we rename the fuzzer "fuzz_packfile_raw"
to "packfile_raw_fuzzer", which is also in line with the already
existing fuzzer at google/oss-fuzz.

While at it, rename the "packfile_raw" fuzzer to instead just be called
"packfile" fuzzer.

This change adds support for building a fuzz target for exercising the
packfile parser, as well as documentation. It also runs the fuzzers in
Travis to avoid regressions.

ci: run VSTS builds on master and maint branches

Windows: default credentials / fallback credential handling

ci: add VSTS build badge to README

ci: set PKG_CONFIG_PATH for travis

Homebrew's formula for openssl is "keg-only", which means it does not
install it into /usr/local.  On macOS builds, we need to set
PKG_CONFIG_PATH to include it.

CI: Refactor and introduce VSTS builds

revwalk: remove tautologic condition for hiding a commit

Instead of trying to run coverity builds during the regular PR process,
run them during a regularly scheduled cron process.  These only need to
run nightly, so it makes sense to bring them out of the PR process.

The contition cannot be reached with `commit->uninteresting` being true:
either a `break` or a `continue` statement will be hit in this case.

winhttp: retry erroneously failing requests

The leaks process is not good about handling children.  Ensure that its
child is `nohup`ed so that the grandparent shell won't wait for it to
exit.