add support for protecting references against 'got send -f' to gotd ok op@

include sha2.h too where sha1.h is included In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

update client state tracking in the gotd parent process The session process takes over the old state definitions under a new name ("session state"). The parent only needs to keep track of whether a client has been granted access, so it only uses two states: NEW, and ACCCESS_GRANTED which is set as soon as the auth process has granted repository access and before the session and repo_read/repo_write children are started. Because 'gotctl info' can no longer observe the session state remove support code for printing it. ok op@

remove support for showing client capabilities in 'gotctl info' The gotd parent process has lost access to client capabilities. Take the easy way out and remove related code. If needed, client capabilities can still be found in the debug log with 'gotd -v'. ok op, jamsek

add a gotd session process, split off from the parent process The new session process is able to manipulate files in the repository and keeps track of the read/write client session state. The parent process now restricts its view of the filesystem to the absolute path stored in argv[0], and combines this with unveil "x" on this path. As a result the parent process can only re-exec itself. small tweaks + ok op@

fix gotctl usage string

gotctl: simplify socket_path handling ok stsp@

add gotctl(8); initially supported commands are 'info' and 'stop' This will be used by an upcoming regress test suite for gotd(8). ok tracey