port reviewed security improvements from GitPython pull request

Hans-Christoph Steinerrequested to merge
eighthave/fdroidserver:port-GitPython-security-improvements into master

This has been reviewed by two GitPython maintainers, but not yet merged. So cherry-pick the features that can be applied to vcs_git. The GitPython maintainers know Git really well, they are also implementing Git in Rust. https://github.com/gitpython-developers/GitPython/pull/2029

I also checked to make sure this change is compatible with all active Repo: URLs as well as all the URLs for Git submodule as used on the buildserver host. Here's the script to run that:

#!/bin/sh -e
#
# Check all git URLs from gitmodules.tar.gz, which is all the
# .gitmodules files from the buildserver.  For all working git URLs,
# check whether they also work with the proposed security
# restrictions.
#
# gitmodules.tar.gz was made on the buildserver host by doing:
#
# cd ~/fdroiddata/build
# find . -type f -name .gitmodules -print0 | tar -czf /tmp/gitmodules.tar.gz --null -T -

for url in `tar -xO -f gitmodules.tar.gz | grep url | sed 's,\s*url = *,,' | grep -v '^\.\./' | sort -u`; do
    echo $url
    git \
        -c http.followRedirects=true \
        -c core.askpass=/bin/true \
        -c http.lowSpeedTime=5 \
        -c core.hooksPath=/dev/null \
        -c core.sshCommand=/bin/true \
        -c credential.helper=/bin/true \
        -c http.emptyAuth=true \
        ls-remote $url > /dev/null 2>&1 || continue
    GIT_ASKPASS=/bin/true \
        SSH_ASKPASS=/bin/true \
        GIT_EDITOR=/bin/true \
        GIT_PAGER=/bin/true \
        GIT_SSH=/bin/false \
        GIT_SSH_COMMAND=/bin/true \
        GIT_TERMINAL_PROMPT=false \
        git \
        -c http.lowSpeedTime=5 \
        -c http.followRedirects=true \
        -c core.askpass=/bin/true \
        -c core.fsmonitor=false \
        -c core.hooksPath=/dev/null \
        -c core.sshCommand=/bin/true \
        -c credential.helper=/bin/true \
        -c http.emptyAuth=true \
        -c protocol.allow=never \
        -c protocol.https.allow=always \
        -c url.https://bitbucket.org/.insteadOf=git@bitbucket.org: \
        -c url.https://codeberg.org/.insteadOf=git@codeberg.org: \
        -c url.https://github.com/.insteadOf=git@github.com: \
        -c url.https://gitlab.com/.insteadOf=git@gitlab.com: \
        -c url.https://.insteadOf=git:// \
        -c url.https://.insteadOf=http:// \
        -c url.https://.insteadOf=ssh:// \
        ls-remote $url || echo $url >> /tmp/failed.txt
    echo
done

Merge request reports