gotd.conf: fix memleak in `protect' error path and disallow dups too ok stsp@

add support for protecting references against 'got send -f' to gotd ok op@

avoid gitwrapper printing a warning when /etc/gotd.conf does not exist gotd still requires the config file, of course, but gitwrapper must treat is as optional and remain silent if the file cannot be found.

add gitwrapper(1) ok op@, tracey@ earlier version

gotd requires a config file; don't fail silently when gotd.conf cannot be read Fixes an issue encountered by mlarkin@ where the auth process was working with an empty list of repositories and kept saying it could not find a repository which was obviously listed in gotd.conf. Now we can see errors from fopen() in the logs instead. Old code was copied from gotwebd where the config file is optional.

include sha2.h too where sha1.h is included In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>

rm unused boolean grammar. ok stsp@

gotd: move socket path check to parse.y and error from the main process It's handy to have a "bad unix socket path" error being reported directly from the main process since can get caught by `gotd -n'. ok jamsek stsp

gotd: move nrepos check to parse_config ok jamsek stsp

call realpath() during early startup in gotd's parse.y This ensures that all repositories exist when the process is first started. It will also help to avoid an "rpath" pledge promise in a future gotd which uses a separate session process, by avoiding realpath() calls while starting new processes.

switch gotd.conf syntax from 'unix_socket' to 'listen on' ok op@

remove the gotsh group requirement from gotd; any user can now connect Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op

simplify gotd' timeouts string parsing no need to duplicate what strtonum does; pass the *real* maximum value allowed to it directly. ok stsp@

gotd: allow to express timeouts using minutes/hours This allows to use a suffix to indicate the unit of measure, such as "1h" for one hour or "30m" for 30 minutes. The suffix "s" for seconds is also accepted for completeness. ok stsp

enforce gotd request timeout > 0; the code doesn't handle zero right now spotted by + ok op@