This patch fixes possible memleak.

NO_DOC=Possible bug
NO_TEST=No proper way to test
NO_CHANGELOG=Possible bug

If the authentication method isn't specified with the user credentials,
the client uses the one received in reply to IPROTO_ID. If it's unknown
to the client, it falls back on AUTH_METHOD_DEFAULT.

A test and a changelog will be added to the Enterprise Edition, which
supports more than one authentication method.

Part of #7989

NO_DOC=ee
NO_TEST=ee
NO_CHANGELOG=ee

If the authentication method isn't specified with the user credentials,
the client uses the one received in reply to IPROTO_ID. If it's unknown
to the client, it falls back on AUTH_METHOD_DEFAULT.

A test and a changelog will be added to the Enterprise Edition, which
supports more than one authentication method.

Part of #7989

NO_DOC=ee
NO_TEST=ee
NO_CHANGELOG=ee

Part of #7989

@TarantoolBot document
Title: Document IPROTO_AUTH_TYPE - new key of IPROTO_ID

A new key was added to the `IPROTO_ID` response:
name `IPROTO_AUTH_TYPE`, code 0x5b, value type `MP_STR`.

Its value equals the name of the authentication method that is
currently used on the server for generating user authentication
data from a password `box.schema.passwd()`. It's configured with
`box.cfg.auth_type`.

In Community Edition, the only authentication method currently
available is 'chap-sha1'. Other authentication methods may be used
in Enterprise Edition.

A client can use the received value as the authentication method
that should be used by default, in case it isn't specified explicitly
along with the user credentials.

We need it to retrieve the default authentication method that should be
used by the applier if not set explicitly in URI. In future, we may also
use it for other things, e.g. fetching the master's name.

The IPROTO_ID request is sent only if the master's version is >= 2.10.0.
An error received in reply to IPROTO_ID is logged, but doesn't abort
replication, because IPROTO_ID is optional.

Needed for #7989

NO_DOC=internal
NO_CHANGELOG=internal

The ./test/luatest_helpers/interactive_tarantool.lua module is not
a luatest helper. So moving it to the ./test/ dir and removing empty
./test/luatest_helpers/.

NO_DOC=testing stuff
NO_TEST=testing stuff
NO_CHANGELOG=testing stuff

Some internal modules have been recently copied to luatest repo [1] and
now they can be safely removed, and the corresponding functionality from
luatest can be used instead.

Affected modules:

- test/luatest_helpers/cluster.lua

[1] tarantool/luatest#271

Closes tarantool/luatest#237
Closes tarantool/luatest#269

NO_DOC=testing stuff
NO_TEST=testing stuff
NO_CHANGELOG=testing stuff

Bump test-run to new version with the following improvements:

- Bump luatest to 0.5.7-20-g48c406a [1]

[1] tarantool/test-run#366

Part of tarantool/luatest#237

NO_DOC=testing stuff
NO_TEST=testing stuff
NO_CHANGELOG=testing stuff

Before the patch, fiber->storage.lua.stack is used for
`panic` calls. However, some fibers don't have any Lua
state saved in their storage (for example, space
triggers).

After the patch, the Lua state pointed by `cur_L` is
used to make those calls, as it is always present.

Closes #6647
NO_DOC=bugfix

If an IO stream is encrypted, it should set flag IOSTREAM_IS_ENCRYPTED.
If an authentication method requires the channel to be encrypted, it
should set flag AUTH_METHOD_REQUIRES_ENCRYPTION. An attempt to use an
authentication method that requires encryption over an unencrypted IO
stream will raise an error ER_UNSUPPORTED("Authentication method '%s'
does not support unencrypted connection"). This check is performed by
both net.box and applier.

Needed for https://github.com/tarantool/tarantool-ee/issues/322

NO_DOC=ee
NO_TEST=ee
NO_CHANGELOG=ee

The only reason why libunwind.h is included into backtrace.h (and then
transitively into fiber.h) is use of unw_word_t type. Let's replace it
with uintptr_t and use unw_word_t only for interacting with the unwind
library.

This commit partially reverts commit 6d088b56 ("build: fix
libunwind.h search in test files"), because we don't need to
include libunwind.h into tests anymore.

Fixes #8025

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=changelogs/unreleased/fix-libunwind-h-search.md

Before commit 24323448 ("log: add log.new() function that creates a
new logger"), log_write_flightrec() was called from log_vsay() regardless
of the log level. After, the log level is checked in Lua, so log_vsay()
may not be called. This patch restores the original behaviour by moving
log_write_flightrec() calls to say_default() and say().

Part of https://github.com/tarantool/tarantool-ee/issues/320

NO_DOC=bugfix
NO_CHANGELOG=unreleased
NO_TEST=will be enabled in EE, because there are no flightrec in CE

If env vars like TT_LOG, TT_LOG_LEVEL etc that specify log options are set
then log.cfg() should take them into account if called before box.cfg().

Closes #6011
Closes #7461

@TarantoolBot document
Title: log: take into account env vars on log.cfg call
Since: 2.11

If env vars like TT_LOG, TT_LOG_LEVEL etc that specify log options are set
then log.cfg() take them into account if called before box.cfg().

The 'copy' ptr is checked for NULL after dereferencing. Found by PVS.

https://jira.vk.team/browse/TNT-698

It can hardly result in a null-ptr dereference, because vy_stmt_dup()
uses malloc(), which doesn't normally fail (instead, the OOM killer just
kills the process if there's a severe shortage of memory, see #3534).
Still, PVS rightfully complains about it so let's fix it.

Fixes commit 902d212b ("vinyl: zap vy_write_iterator->format")

NO_DOC=bug fix
NO_TEST=unreproducible
NO_CHANGELOG=unreproducible

This commit adds function stubs security_init and security_free that
are called after auth_init and before auth_free, respectively. We'll
define them in the EE repository along with the enabling macros:
ENABLE_SECURITY and SECURITY_SOURCES. We'll start with adding extra
authentication methods in security_init. Later on, we'll implement more
security features, like password strength enforcement or authentication
delay.

Needed for https://github.com/tarantool/tarantool-ee/issues/295

NO_DOC=internal
NO_TEST=internal
NO_CHANGELOG=internal

After checking that the received authentication method and type are
compatible with auth_request_check(), authenticate() tries to
authenticate it using the user's authentication method with
authenticate_request(). The problem is the user may use a different
authenticate method from the one received in the request while
authenticate_request() expects the request to be valid. As a result,
it may crash in this case. Fix this by ensuring that the user's
authentication method matches the one received in the request.

Follow-up commit b5754d3f ("box: make auth subsystem pluggable")
Follow-up #7986

NO_DOC=bug fix
NO_CHANGELOG=unreleased
NO_TEST=will be added to EE, because CE supports just one auth method

The authentication method can be specified via the 'auth_type' uri
parameter, e.g.

  box.cfg({replication = 'user:password@host:port?auth_type=chap-sha1'})

The only authentication method supported by Community Edition (CE)
is 'chap-sha1' so we don't document or announce this feature in CE.
More methods and tests will be added to Enterprise Edition (EE).

Part of #7988

NO_DOC=ee
NO_CHANGELOG=ee

This commit adds a new option for net.box.connect - auth_type.
The option takes an authentication method name (string) that will
be used to authenticate the client on connect. Like user name and
password, the new option may also be passed via uri parameters, e.g.

  net.connect('host:port', {
      user = 'user',
      password = 'password',
      auth_type = 'chap-sha1',
  })
  net.connect('user:password@host:port?auth_type=chap-sha1')

The only authentication method supported by Community Edition (CE)
is 'chap-sha1' so we don't document or announce this feature in CE.
More methods and tests will be added to Enterprise Edition (EE).

Part of #7988

NO_DOC=ee
NO_CHANGELOG=ee

This commit adds a new box configuration option - box.cfg.auth_type.
The option takes an authentication method name (string) that will be
used by box.schema.user.passwd to generate user authentication data.

The only authentication method supported by Community Edition (CE)
is 'chap-sha1' so we don't document or announce this feature in CE.
More methods and tests will be added to Enterprise Edition (EE).

Part of #7988

NO_DOC=ee
NO_CHANGELOG=ee

The dependency is redundant, because the library is now bundled into
tarantool (see PR #6877).

There is a practical reason to remove it: this way we'll verify that
presence of system libunwind headers is not necessary to build
tarantool. In other words, we'll verify that #8025 will not appear
again.

Follows up #8025
Follows up #6877
Part of #6998

NO_DOC=No user visible changes, just some validation for a build fix.
NO_TEST=See NO_DOC.
NO_CHANGELOG=See a changelog entry in the previous commit.

The problem is described in a previous commit. In short: inclusion of
`fiber.h` leads to inclusion of `libunwind.h`, but it is not necessarily
in include paths that used for testing sources.

We can add the include path or eliminate the `fiber.h` dependency. I
have no strict preference here. However the latter allows to write
public API and internal API calls differently in the testing code and it
looks more clean.

The implementation is based on the `tnt_internal_symbol()` function,
which was introduced to make a dark magic of this kind. See commit
395c30e8 ("fiber_channel: add accessor to internal functions").

Fixes #8025

NO_DOC=It is a fix of a build failure.
NO_TEST=It is a fix of a build failure.

## The problem

Case: a build host has no libunwind installed into the system. Dispite
that tarantool has libunwind bundled as a git submodule (see PR #6877),
the build fails in the case:

NO_WRAP
```
In file included from <...>/src/lib/core/fiber.h:47,
                 from <..some test/**/*.{c,cc} file..>:
<...>/src/lib/core/backtrace.h:14:10: fatal error: libunwind.h: No such file or directory
   14 | #include "libunwind.h"
      |          ^~~~~~~~~~~~~
```
NO_WRAP

The problem appears when `ENABLE_BACKTRACE` and
`ENABLE_BUNDLED_LIBUNWIND` CMake options are enabled. They're enabled by
default for most targets.

The compilation fails for testing files, which include `fiber.h`. The
`fiber.h` header includes `backtrace.h`, which includes `libunwind.h`.
The `libunwind.h` header couldn't be found if appropriate include
directory is not passed to a compiler.

Almost half (45/102) of unit tests includes `fiber.h` directly or
indirectly. Swim fuzzers include it too.

## The solution

Just add libunwind's include directory to compilation of those files.

The include path is added as a system one to suppress warnings from the
third party project. It follows the way the directory is included into
tarantool's build, see PR #6877.

The uri unit test includes `fiber.h`, but actually doesn't use it. The
test has no CMake dependency on the `core` library and so the build
system may attempt to build it before `libunwind.h` is installed into
`LIBUNWIND_INCLUDE_DIR`. Eliminated redundant includes from the test.

Note: this commit solves only a part of the problem: it fixes
compilation of unit tests and fuzzers. There are other test files that
include `fiber.h` and it'll be fixed in the next commit.

Part of #8025

NO_DOC=It is a fix of a build failure.
NO_TEST=It is a fix of a build failure.
NO_CHANGELOG=Only part of the problem is solved here. A following commit
             will add a changelog entry.

ChristopherHX/github-act-runner@0.4.1, which we use on FreeBSD,
is incompatible with newest actions/checkout@v3.2.0, aliased to @v3.
Until this is resolved, FreeBSD workflows will use fixed version
actions/checkout@v3.1.0.

actions/checkout@v3.2.0 fails with an unclear error:

>   Run actions/checkout@v3
>     git clone 'https://github.com/actions/checkout' # ref=v3
> Error: Unable to resolve v3: unsupported object type
> Error: Unable to resolve v3: unsupported object type
> Error:     Failure - actions/checkout@v3
> Error: unsupported object type

NO_DOC=CI
NO_TEST=CI
NO_CHANGELOG=CI

Fixes #7714

@TarantoolBot document
Title: TT_PRELOAD

A script file or a module may be specified in the `TT_PRELOAD`
environment variable to load before the main script. For example:

```shell
$ TT_PRELOAD=/path/to/foo.lua tarantool main.lua
```

The `foo.lua` script will be executed before `main.lua`.

```shell
$ TT_PRELOAD=foo.bar.baz tarantool main.lua
```

The `foo.bar.baz` module will be loaded before executing `main.lua`.

A value that ends with `.lua` is considered as a script file, otherwise
it is considered as a module name.

Several files or modules may be passed as a semicolon separated list:

```shell
$ TT_PRELOAD="/path/to/foo.lua;foo.bar.baz" tarantool main.lua
```

Don't forget quotes, a shell interprets a semicolon on its own.

Redundant (duplicated, leading, trailing) semicolons are ignored.

If something goes wrong at script/module execution, tarantool reports
the problem and exits.

A script receives a path to the file in `...`, a module gets the module
name. `arg` is the same as for the main script.

Support for OpenSUSE 15.1/15.2 has been recently dropped.
There is no sense to keep the dead code. So removing it.

Follows up #8021

NO_DOC=cd
NO_TEST=cd
NO_CHANGELOG=cd

Not used anywhere anymore. No need in it, because SHA1 is provided by
the OpenSSL library.

Closes #7987

NO_DOC=code cleanup
NO_TEST=code cleanup
NO_CHANGELOG=code cleanup

Since commit f6ea7180 ("Try to load several variants of libssl.")
the digest module uses an internal version of SHA1. Back then, we didn't
link the OpenSSL library. Instead, we tried to load it dynamically.
Since on some distributions the library could be missing, it was decided
to implement an internal version of SHA1, see #405.

However, since commit 59a55740 ("Link against libssl and libcrypto.
Issue #1382") we link the OpenSSL library unconditionally so there's no
need in having an internal implementation of SHA1. Let's drop it and
switch the digest module to the version of SHA1 implemented by the
crypto module using OpenSSL.

Part of #7987

NO_DOC=code cleanup
NO_TEST=code cleanup
NO_CHANGELOG=code cleanup

We added an internal version of SHA1, because initially we didn't link
the OpenSSL library. However, since commit 59a55740 ("Link against
libssl and libcrypto. Issue #1382") we do so there's no need in it.

Part of #7987

NO_DOC=code cleanup
NO_TEST=code cleanup
NO_CHANGELOG=code cleanup

Scramble is used only by the chap-sha1 authentication mechanism,
which has a proper API. There's no need in a standalone scramble lib.

Part of #7987

NO_DOC=code cleanup
NO_TEST=code cleanup
NO_CHANGELOG=code cleanup

Authentication salt is expected to be 20 byte long (SCRAMBLE_SIZE).
However, IPROTO sends 36 bytes (IPROTO_SALT_SIZE). Let's add a few
assertions ensuring that we never pass less than 20 bytes to
authentication methods.

Part of #7987

NO_DOC=code cleanup
NO_TEST=code cleanup
NO_CHANGELOG=code cleanup

box_cfg_xc() initializes a lot of storage-specific modules like
gc, engine, schema, etc.

These modules were supposed to be destroyed by box_free(), but it
didn't happen if an exception was thrown during box_cfg_xc().

For example, memtx engine might be initialized and even have a
snapshot thread running, then SIGTERM would arrive, and the
process would try to free all initialized modules skipping the
box-ones.

It sometimes resulted in fiber_free() being called, all fiber
stacks freed, and then the snapshot thread ending. Its join was
already started in memtx_engine_wait_checkpoint(), it already had
an on-exit callback prepared. The callback was stored on the stack
of one of the deleted fibers in a struct cord_on_exit. The struct
was garbage and the callback invocation would crash.

The patch makes the storage-specific modules be destroyed even if
box.cfg{} didn't end but those modules were initialized.

The test is a bit more complicated. Just testing that the process
can finish without crashes wouldn't be possible:

- Luatest server:stop() doesn't waitpid() the child process. As a
  result the exit code is just lost. Even if the process would
  crash somewhere in the end, it wouldn't be detected.

- On MacOS a crash in any non-main thread is ignored because all
  threads but the main one have all the signals blocked (see
  tt_pthread_create()). On Mac apparently the blockage of
  SIGSEGV/SIGABRT or some other signal causes their turning into
  mach exceptions which are simply not handled atm. As a result,
  the "crashed" thread is just frozen and the main thread ends
  fine (in a test for this particular bug) (#8023).

Closes #7743

NO_DOC=bugfix

It is a wrapper around pthread cancel and join. It was repeated
many times and was dangerous, because left cord.id set. An
accidental attempt to cord_join/cojoin() such cord would lead to
UB then.

The patch introduces a function which encapsulates the blocking
cancellation. It is going to be used in a next patch to count the
number of cords in the process. Which in turn is needed for a new
test.

The counter is atomic in case some cords would be created not by
the main cord.

There are now also more sanity checks against accidental attempts
to join the same cord twice.

Needed for #7743

NO_DOC=internal
NO_CHANGELOG=internal

Added tarantool.compat option that allows yaml.encode() to encodes all
strings containing a newline in a more convenient block scalar style.
This is a breaking change, programs that rely on precise lyaml encoding
may fail if the new behavior is selected.

Closes #3012
Requires #7060
Requires #8007

@TarantoolBot document
Title: YAML formatter improvement

Now yaml.encode() can encode strings with a newline in block scalar style,
see https://yaml.org/spec/1.2-old/spec.html#style/block/literal and
https://github.com/tarantool/tarantool/wiki/compat%3Ayaml_pretty_multiline

old:
```
tarantool> compat.yaml_pretty_multiline = 'old'
---
...

tarantool> return "Title: xxx\n- Item 1\n- Item 2\n"
---
- 'Title: xxx

  - Item 1

  - Item 2

  '
...

```

new:
```
tarantool> compat.yaml_pretty_multiline = 'new'
---
...

tarantool> return "Title: xxx\n- Item 1\n- Item 2\n"
---
- |
  Title: xxx
  - Item 1
  - Item 2
...

```

For unknown reason in upstream lua_cjson '/' was escaped
while according to the standard [rfc4627] it is unnecessary and is
questionably compatible with other implementations.

It was decided that the change will be introduced using
tarantool.compat (gh-7000). The patch adds json_escape_forward_slash
option to compat and its logic in lua_cjson and msgpuck.

Requires #7060
Requires #8007
Fixes #6200
See also #7000

@TarantoolBot document
Title: new compat option json_escape_forward_slash

In the new behavior forward slash is not escaped in `json.encode()`
and msgpack:

```
tarantool> compat.json_escape_forward_slash = 'new'
---
...

tarantool> json.encode('/')
---
- '"/"'
...

tarantool> compat.json_escape_forward_slash = 'old'
---
...

tarantool> json.encode('/')
---
- '"\/"'
...
```

The `recursive_rmdir` can start execution while tarantool instance
started by the tarantoolctl is in the process of shutdown. As a result
the instance pid file can be available at the name collection, but by
the time of its removal the instance deletes it by itself.

NO_DOC=test
NO_CHANGELOG=test

Closes #3211

NO_TEST=Documentation

@TarantoolBot document
Title: Per-module log level
Root document: https://www.tarantool.io/en/doc/latest/reference/configuration/#logging

Since version 2.11 it is possible to specify the log level for each
module separately, e.g.:

box.cfg {
    log_level = 5,
    log_modules = {
        ['foo.bar'] = 1,
        expirationd = 'debug'
    }
}

The name of a module is determined automatically during the execution
of `require('log')` in the module's source code. The name is derived
from its filename, including a part of the path. Also it is possible
to create a logger with a custom name by using `log.new()`.

---

Root document: https://www.tarantool.io/en/doc/latest/reference/reference_lua/log/
New function: log.new(name)
Creates a new logger with a custom name.

Parameter `name`:
Type: string
Optional: false

Example:
box.cfg{log_level='error', log_modules={my_module='info'}}
log = require('log')
my_log = log.new('my_module')
my_log.info('Info')

Now the name of a module, from which the logging function was called,
is determined automatically during the execution of `require('log')`
in the module's source code. This is implemented by overriding the
built-in `require` function.

Part of #3211

NO_DOC=See next commit
NO_CHANGELOG=See next commit

Co-authored-by: AnastasMIPT <beliaev.ab@tarantool.org>

Now it is possible to specify the log level for each module separately,
e.g.:

box.cfg {
    log_level = 5,
    log_modules = {
        ['foo.bar'] = 1,
        expirationd = 'debug'
    }
}

Part of #3211

NO_DOC=See next commit
NO_CHANGELOG=See next commit

Co-authored-by: AnastasMIPT <beliaev.ab@tarantool.org>

It allows to create a new instance of a log module, with a custom name:
local my_log = require('log').new('my_module')

The name is added to the log message after fiber name:
YYYY-MM-DD hh:mm:ss.ms [PID]: CORD/FID/FIBERNAME/MODULENAME LEVEL> MSG

Part of #3211

NO_DOC=See next commit
NO_CHANGELOG=See next commit

Co-authored-by: AnastasMIPT <beliaev.ab@tarantool.org>

This commit introduces an abstraction for the authentication code so
that one can easily add new methods. To add a new method, one just needs
to define a set of authentication callbacks in a struct auth_method and
register it with auth_method_register.

The IPROTO_AUTH and _user.auth formats were initially designed with
extensibility in mind: both take the authentication method name
(currently, only 'chap-sha1' is supported) so no changes to the schema
are required.

Note that although 'chap-sha1' is now implemented in its own file
src/box/auth_chap_sha1.c, we don't merge src/scramble.c into it.
This will be done later, in the scope of #7987.

Since we call authentication plug-ins "methods" (not "mechanisms"),
let's rename BOX_USER_FIELD_AUTH_MECH_LIST to BOX_USER_FIELD_AUTH while
we are at it. Anyway, the corresponding field of the _user system space
is called 'auth' (not 'auth_mech_list').

Closes #7986

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring