Prior to this change, for CONNECT requests, the Host header was set to
the host and port of the target http proxy. However, per the rfc7230 for
HTTP/1.1 this is incorrect as the Host header should match the target of
the CONNECT request, as detailed in section 5.3.3 & 5.4.

  5.3.3.  authority-form

   The authority-form of request-target is only used for CONNECT
   requests (Section 4.3.6 of [RFC7231]).

     authority-form = authority

   When making a CONNECT request to establish a tunnel through one or
   more proxies, a client MUST send only the target URI's authority
   component (excluding any userinfo and its "@" delimiter) as the
   request-target.  For example,

     CONNECT www.example.com:80 HTTP/1.1

  5.4.  Host

   <snip>

   A client MUST send a Host header field in all HTTP/1.1 request
   messages.  If the target URI includes an authority component, then a
   client MUST send a field-value for Host that is identical to that
   authority component, excluding any userinfo subcomponent and its "@"
   delimiter (Section 2.7.1).  If the authority component is missing or
   undefined for the target URI, then a client MUST send a Host header
   field with an empty field-value.

This issue was noticed when proxying requests through HAProxy 2.2 which
rejects these invalid http requests.

git_array_alloc: return objects of correct type

Homogenize semantics for atomic-related functions

Set refs/remotes/origin/HEAD to default branch when branch is specified

There were some subtle semantic differences between the various
implementations of atomic functions. Now they behave the same, have
tests and are better documented to avoid this from happening again in
the future.

Of note:

* The semantics chosen for `git_atomic_compare_and_swap` match
  `InterlockedCompareExchangePointer`/`__sync_cal_compare_and_swap` now.
* The semantics chosen for `git_atomic_add` match
  `InterlockedAdd`/`__atomic_add_fetch`.
* `git_atomic_swap` and `git_atomic_load` still have a bit of semantic
  difference with the gcc builtins / msvc interlocked operations, since
  they require an l-value (not a pointer). If desired, this can be
  homogenized.

This reverts commit 487f2a82, reversing
changes made to c6cf7f0e.

array: check dereference from void * type

GCC C11 warnings

Instead of buf->"typeofbuffer"ReparseBuffer the members will be
referenced with buf->ReparseBuffer."typeofbuffer"

https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/ns-ntifs-_reparse_data_buffer?redirectedfrom=MSDN
calls the union DUMMYUNIONNAME but that looks a bit cluttered.

Introduce GIT_WARN_UNUSED_RESULT

open: input validation for empty segments in path

C11 warnings

Dynamically load OpenSSL (optionally)

Add Xenial, Bionic, CentOS 7 and 8 workflows with OpenSSL-Dynamic builds
nightly.

Defer dlopen until it's needed when dynamically loading OpenSSL
libraries.

The ntlmclient dependency can now dynamically load OpenSSL.

dlopen sets up some thread-local state that isn't cleaned up by
`dlclose`.  Additionally, now that we're linking against different
versions of libssh2 and OpenSSL, we're seeing different leak signatures.

Provide an interface around OpenSSL to dynamically load the libraries
and symbols, so that users can distribute a libgit2 library that is not
linked directly against OpenSSL.  This enables users to target multiple
distributions with a single binary.

This mechanism is optional and disabled by default.  Configure cmake
with -DUSE_HTTPS=OpenSSL-Dynamic to use it.

Refactor the OpenSSL stream implementation so that the legacy code is better
abstracted.  This will enable future development.

ci: tag new containers with the latest tag

Update all the container versions to force a rebuild so that they'll get
tagged with latest (due to changes in the CI scripts).

ci: update centos builds

openssl: don't fail when we can't customize allocators

During valgrind runs, we try to swap out the OpenSSL allocators for our
own.  This allows us to avoid some unnecessary warnings about usage.
Unfortunately, many builds of OpenSSL do not allow you to swap
allocators; for example FIPS builds and the builds running in CentOS.

Try to swap the allocators, but do not fail when they cannot be
customized.

sha1dc: remove conditional for <sys/types.h>