apply: small fixups in the test suite

signature: fix out-of-bounds read when parsing timezone offset

Since commit 56ffdfc6 (buffer: deprecate `git_buf_free` in favor of
`git_buf_dispose`, 2018-02-08), the function `git_buf_free` is
deprecated and shall not be used anymore. As part of the new apply
framework that has been cooking for quite some time some new references
have been introduced to that deprecated function. Replace them with
calls to `git_buf_dispose`.

Some function calls in the new "apply" test suite were missing the
checks whether they succeeded as expected. Fix this by adding the
missing `cl_git_pass` wrappers.

Remote creation API

Index collision fixes

Patch (diff) application

smart transport: only clear url on hard reset (regression)

When parsing a signature's timezone offset, we first check whether there
is a timezone at all by verifying that there are still bytes left to
read following the time itself. The check thus looks like `time_end + 1
< buffer_end`, which is actually correct in this case. After setting the
timezone's start pointer to that location, we compute the remaining
bytes by using the formula `buffer_end - tz_start + 1`, re-using the
previous `time_end + 1`. But this is in fact missing the braces around
`(tz_start + 1)`, thus leading to an overestimation of the remaining
bytes by a length of two. In case of a non-NUL terminated buffer, this
will result in an overflow.

The function `git_signature__parse` is only used in two locations. First
is `git_signature_from_buffer`, which only accepts a string without a
length. The string thus necessarily has to be NUL terminated and cannot
trigger the issue.

The other function is `git_commit__parse_raw`, which can in fact trigger
the error as it may receive non-NUL terminated commit data. But as
objects read from the ODB are always NUL-terminated by us as a
cautionary measure, it cannot trigger the issue either.

In other words, this error does not have any impact on security.

After creating a transport for a server, we expect to be able to call
`connect`, then invoke subsequent `action` calls.  We provide the URL to
these `action` calls, although our built-in transports happen to ignore
it since they've already parsed it into an internal format that they
intend to use (`gitno_connection_data`).

In ca2eb460, we began clearing the URL
field after a connection, meaning that subsequent calls to transport
`action` callbacks would get a NULL URL, which went undetected since the
builtin transports ignore the URL when they're already connected
(instead of re-parsing it into an internal format).

Downstream custom transport implementations (eg, LibGit2Sharp) did
notice this change, however.

Since `reset_stream` is called even when we're not closing the
subtransport, update to only clear the URL when we're closing the
subtransport.  This ensures that `action` calls will get the correct URL
information even after a connection.

Tree parsing fixes

Ensure that we can add a file back after it's been removed.  Update the
renamed/deleted validation in application to not apply to deltas that
are adding files to support this.

Ensure that we cannot modify a file after it's been renamed out of the
way.  If multiple deltas exist for a single path, ensure that we do not
attempt to modify a file after it's been renamed out of the way.

To support this, we must track the paths that have been removed or
renamed; add to a string map when we remove a path and remove from the
string map if we recreate a path.  Validate that we are not applying to
a path that is in this map, unless the delta is a rename, since git
supports renaming one file to two different places in two different
deltas.

Further, test that we cannot apply a modification delta to a path that
will be created in the future by a rename (a path that does not yet
exist.)

Multiple deltas can exist in a diff, and can be applied in-order.
If there exists a delta that modifies a file followed by a delta that
renames that file, then both will be captured.  The modification delta
will be applied and the resulting file will be staged with the original
filename.  The rename delta will be independently applied - to the
original file (not the modified file from the original delta) and staged
independently.

Multiple deltas can exist in a diff, and can be applied in-order.
However if there exists a delta that renames a file, it must be first,
so that other deltas can reference the resulting target file.

git enforces this (`error: already exists in index`), so ensure that we
do, too.

Ensure that we can apply a delta after renaming a file.

git allows a patch file to contain multiple deltas to the same file:
although it does not produce files in this format itself, this could
be the result of concatenating two different patch files that affected
the same file.

git apply behaves by applying this next delta to the existing postimage
of the file.  We should do the same.  If we have previously seen a file,
and produced a postimage for it, we will load that postimage and apply
the current delta to that.  If we have not, get the file from the
preimage.

Test that a patch can contain two deltas that appear to rename an
initial source file to two different destination paths.  Git creates
both target files with the initial source contents; ensure that we do,
too.

Test that we can apply a patch that renames two different files to the
same target filename.  Git itself handles this scenario in a last-write
wins, such that the rename listed last is the one persisted in the
target.  Ensure that we do the same.

Test a rename from A->B simultaneous with a rename from B->A.

Test that we can rename some file from B->C and then rename some other
file from A->B.  Do this with both exact rename patches (eg `rename from
...` / `rename to ...`) and patches that remove the files and replace
them entirely.

Deltas containing exact renames are special; they simple indicate that a
file was renamed without providing additional metadata (like the
filemode).  Teach the reader to provide the file mode and use the
preimage's filemode in the case that the delta does not provide one.)

When applying to both the index and the working directory, ensure that
the working directory's mode matches the index's mode.  It's not
sufficient to look only at the hashed object id to determine that the
file is unchanged, git also takes the mode into account.

Create a test applying a patch with a rename and a modification of a
file.

Add hunk callback parameter to git_apply__patch to allow hunks to be skipped.

None of the reader implementations actually allocate anything
themselves, so they don't need a free function.  Remove it.

Introduce a callback to patch application that allows consumers to
cancel hunk application.

Test that we can return a non-zero value from the apply delta
callback and it will skip the application of a given delta.

Test that we can return an error from the apply delta callback and the
error code is propagated back to the caller.

Introduce a callback to the application options that allow callers to
add a per-delta callback.  The callback can return an error code to stop
patch application, or can return a value to skip the application of a
particular delta.

Move the location option to an argument, out of the options structure.
This allows the options structure to be re-used for functions that don't
need to know the location, since it's implicit in their functionality.
For example, `git_apply_tree` should not take a location, but is
expected to take all the other options.

Place the entire `git_apply` operation inside an indexwriter, so that we
lock the index before we begin performing patch application.  This
ensures that there are no other processes modifying things in the
working directory.

Test that a mode change is reflected in the working directory or index.

Ensure that we accurately CR/LF filter when reading from the working
directory.  If we did not, we would erroneously fail to apply the patch
because the index contents did not match the working directory contents.

When reading a file from the working directory, ensure that we apply any
necessary filters to the item.  This ensures that we get the
repository-normalized data as the preimage, and further ensures that we
can accurately compare the working directory contents to the index
contents for accurate safety validation in the `BOTH` case.

When applying to both the index and the working directory, ensure that
the index contents match the working directory.  This mirrors the
requirement in `git apply --index`.

This also means that - along with the prior commit that uses the working
directory contents as the checkout baseline - we no longer expect
conflicts during checkout.  So remove the special-case error handling
for checkout conflicts.  (Any checkout conflict now would be because the
file was actually modified between the start of patch application and
the checkout.)