see e082ed67; ok stsp@

It's only a preparatory step, as checking whether a size_t is less than SIZE_MAX is moot. In a follow-up commit, however, the `filesize' field of the struct got_pack will become off_t and these checks will kick in. This also makes consistent how we guard mmap(2) against empty files. ok and improvements stsp@

ok stsp@

off_t is a signed type and depending on the platform, it can be "long" or "long long", so cast to long long for printf().

The fix for CVE-2022-39253 in Git made our regression tests fail since creating submodules from local clones is no longer allowed by default. Add an override to our invocations of "git submodule add", the same which was added to Git's regression test suite as part of their fix. This CVE doesn't otherwise affect us. We do not implement submodules. Our use of them in regression tests exists only to ensure that Got does not freak out when it sees one. Precisely because automated support for nested repositories and/or working copies (as in Git Submodules, or Subversion Externals, etc.) have been an endless source of security problems in other systems. sudden test failures pointed out by naddy@

The tslen argument is always in the (1..9) range so `int' is technically fine (even int8_t would be!) but all the callers are passing a size_t, so change the type accordingly. ok stsp@

ok jamsek

ok stsp@

ok jamsek

Prevents a dead-lock in 'tog log' where tog wants to exit (e.g. because the user pressed Ctrl-C) while a got-read-pack child process wants to send more commits. Closing the parent's pipe descriptor makes writes to the pipe fail in the child process. The child then unwinds via an ERR_EOF error and exits, instead of forever polling its end of the pipe in order to write more data. ok jamsek

Provide the ability for -portable to continue to compile, until such time that gotd and gotsh have been enabled in -portable.