add support for OpenSSL 1.1.0 for BIO filter

We need to include the initialisation and construction functions in all
backend, so we include this header when building against SecureTransport
and WinHTTP as well.

pack: fix race in pack_entry_find_offset

For older versions we can fall back on the deprecated ASN1_STRING_data.

We want to program against the interface, so recreate it when we compile
against pre-1.1 versions.

In `pack_entry_find_offset`, we try to find the offset of a
certain object in the pack file. To do so, we first assert if the
packfile has already been opened and open it if not. Opening the
packfile is guarded with a mutex, so concurrent access to this is
in fact safe.

What is not thread-safe though is our calculation of offsets
inside the packfile. Assume two threads calling
`pack_entry_find_offset` at the same time. We first calculate the
offset and index location and only then determine if the pack has
already been opened. If so, we re-calculate the offset and index
address.

Now the case for two threads: thread 1 first calculates the
addresses and is subsequently suspended. The second thread will
now call `pack_index_open` and initialize the pack file,
calculating its addresses correctly. When the first thread is
resumed now, he'll see that the pack file has already been
initialized and will happily proceed with the addresses it has
already calculated before the check. As the pack file was not
initialized before, these addresses are bogus.

Fix the issue by only calculating the addresses after having
checked if the pack file is open.

pqueue: resolve possible NULL pointer dereference

CI Improvements

Small documentation improvements

Our valgrind jobs haven't been failing for several builds by now.
This indicates that our tests are sufficiently stable when
running under valgrind. As such, any failures reported by
valgrind become interesting to us and shouldn't be ignored when
causing a build to fail.

Remove the valgrind job from the list of allowed failures.

When running a Coverity build, we have to provide an
authentication token in order to proof that we are actually
allowed to run analysis in the name of a certain project. As this
token should be secret, it is only set on the main repository, so
when we were requested to run the Coverity script on another
repository we do error out. But in fact we do also error out if
the Coverity analysis should _not_ be run if there is no
authentication token provided.

Fix the issue by only checking for the authentication token after
determining if analysis is indeed requested.

The `git_pqueue` struct allows being fixed in its total number of
entries. In this case, we simply throw away items that are
inserted into the priority queue by examining wether the new item
to be inserted has a higher priority than the previous smallest
one.

This feature somewhat contradicts our pqueue implementation in
that it is allowed to not have a comparison function. In fact, we
also fail to check if the comparison function is actually set in
the case where we add a new item into a fully filled fixed-size
pqueue.

As we cannot determine which item is the smallest item in absence
of a comparison function, we fix the `NULL` pointer dereference
by simply dropping all new items which are about to be inserted
into a full fixed-size pqueue.

We used to only execute Coverity analysis on the 'development'
branch before commit 998f0016 (Refine build limitation,
2014-01-15), which refined Coverity build limitations. While we
do not really use the 'development' branch anymore, it does
still make sense to only analyze a single branch, as otherwise
Coverity might get confused.

Re-establish the restriction such that we only analyze libgit2's
'master' branch. Also fix the message announcing why we do not
actually analyze a certain build.

Trivial memory leak fixes in test suite

patch: minor documentation fix.

Fix @return description of git_patch_num_lines_in_hunk.

Closes: https://github.com/libgit2/libgit2/issues/3959
Signed-off-by: Igor Gnatenko <i.gnatenko.brain@gmail.com>

Squelch example warnings, enable CI