This is needed to fix Ninja, which requires them to
build a dependency graph.

NO_DOC=picodata internal patch
NO_CHANGELOG=picodata internal patch
NO_TEST=picodata internal patch

This authentication method doesn't store any secrets; instead,
we delegate the whole auth to a pre-configured LDAP server. In
the method's implementation, we connect to the LDAP server and
perform a BIND operation which checks user's credentials.

Usage example:

```lua
-- Set the default auth method to LDAP and create a new user.
-- NOTE that we still have to provide a dummy password; otherwise
-- box.schema.user.create will setup an empty auth data.
box.cfg({auth_type = 'ldap'})
box.schema.user.create('demo', { password = '' })

-- Configure LDAP server connection URL and DN format string.
os = require('os')
os.setenv('TT_LDAP_URL', 'ldap://localhost:1389')
os.setenv('TT_LDAP_DN_FMT', 'cn=$USER,ou=users,dc=example,dc=org')

-- Authenticate using the LDAP authentication method via net.box.
conn = require('net.box').connect(uri, {
    user = 'demo',
    password = 'password',
    auth_type = 'ldap',
})
```

NO_DOC=picodata internal patch
NO_CHANGELOG=picodata internal patch
NO_TEST=picodata internal patch

GNU GCC compiler has UndefinedBehaviour sanitizer support since
4.9.0 [1], but it was unsupported in tarantool's build. The patch
fixes a build by GNU GCC with enabled UBSan.

1. https://gcc.gnu.org/gcc-4.9/changes.html

NO_CHANGELOG=build
NO_DOC=build
NO_TEST=build

(cherry picked from commit 511e0f50e4b817d576ef4001611fba718ef1bdae)

The patch enable UBsan check signed-integer-overflow that was
disabled globally in commit 5115d9f3
("cmake: split UB sanitations into separate flags.") and disable
it for a several functions inline.

See also #10703
See also #10704
Closes #10228

NO_CHANGELOG=codehealth
NO_DOC=codehealth
NO_TEST=codehealth

(cherry picked from commit 60ba7fb4c0038d9d17387f7ce9755eb587ea1da4)

The following UBSan checks have been enabled back:

- vptr
- implicit-signed-integer-truncation
- implicit-integer-sign-change
- nullability-arg
- nullability-assign
- nullability-return
- returns-nonnull-attribute

These checks doesn't trigger errors anymore and no sense to keep
them disabled.

Part of #10228
Related to #10741
Related to #10740

NO_CHANGELOG=codehealth
NO_DOC=codehealth
NO_TEST=codehealth

(cherry picked from commit e65b63df7f5a8a628cd9a9bbc6a1bdecec8c9959)

The commit 366cb668 ("cmake: add option ENABLE_UB_SANITIZER")
added UndefinedBehaviour sanitizer support with the whitelist of
checks (all checks are disabled and a several checks are
enabled). The patch replaces the whitelist by blacklist (all
checks are enabled and a several checks are disabled).

Part of #10228
Related to #10742

NO_CHANGELOG=codehealth
NO_DOC=codehealth
NO_TEST=codehealth

(cherry picked from commit 2125a4304844669884bfa887657fd20f15504a5a)

GNU GCC compiler has AddressSanitizer support since 4.8.0 [1],
but it was unsupported in tarantool's build. The patch
fixes a build by GNU GCC with enabled AddressSanitizer.

1. https://gcc.gnu.org/gcc-4.8/changes.html

NO_CHANGELOG=build
NO_DOC=build
NO_TEST=build

(cherry picked from commit ef91f92a22c6d7910ecdd00ab14da359343a2ec2)

The reason is that the previous libcurl submodule update in commit
0919f390802f146852b462215327ef03e2730cfc ("third_party: update libcurl from
8.8.0 to 8.10.1") reveals the following regression:

NOWRAP
```c
$ tarantool -e "require('http.client').new():get('https://google.com') collectgarbage()"
tarantool: ./third_party/curl/lib/multi.c:3691: curl_multi_assign: Assertion `!(multi)' failed.
Aborted (core dumped)
```
NOWRAP

The stacktrace is the following:

NOWRAP
```c
<...>
#4  __assert_fail
#5  curl_multi_assign            // <- called by us
#6  curl_multi_sock_cb           // <- this is our callback
#7  Curl_multi_pollset_ev
#8  cpool_update_shutdown_ev
#9  cpool_discard_conn
#10 cpool_close_and_destroy_all
#11 Curl_cpool_destroy
#12 curl_multi_cleanup
#13 curl_env_finish              // <- destroy the multi handle
#14 httpc_env_finish
#15 luaT_httpc_cleanup
#16 lj_BC_FUNCC
#17 gc_call_finalizer
#18 gc_finalize
#19 gc_onestep
#20 lj_gc_fullgc
#21 lua_gc
#22 lj_cf_collectgarbage
#23 lj_BC_FUNCC
#24 lua_pcall
#25 luaT_call
#26 lua_main
#27 run_script_f
#28 fiber_cxx_invoke
#29 fiber_loop
#30 coro_init
```
NOWRAP

The multi handle is during the destroy, but our
`CURLMOPT_SOCKETFUNCTION` callback is invoked and the
`curl_multi_assign()` call (invoked to associate a libev watcher to the
given file descriptor) fails on the assertion. Everything is as
described in https://github.com/curl/curl/issues/15201.

The first bad libcurl's commit is [curl-8_10_0-4-g48f61e781][1], but
later it was fixed in [curl-8_10_1-241-g461ce6c61][2]. This commit
updates libcurl to this revision to fix the regression.

Adjusted build options in our build script:

* Added `CURL_DISABLE_IPFS=ON`: [curl-8_10_1-57-gce7d0d413][3]
* Added `CURL_TEST_BUNDLES=OFF`: [curl-8_10_1-67-g71cf0d1fc][4]
* Changed `ENABLE_WEBSOCKETS=OFF` to `CURL_DISABLE_WEBSOCKETS=ON`:
  [curl-8_10_1-130-gd78e129d5][5]

[1]: https://github.com/curl/curl/commit/48f61e781a01e6a8dbc4a347e280644b1c68ab6a
[2]: https://github.com/curl/curl/commit/461ce6c6160b86439ddd74c59541231ec9e8558e
[3]: https://github.com/curl/curl/commit/ce7d0d41378007eda676c83ad6b86c59870cc9f1
[4]: https://github.com/curl/curl/commit/71cf0d1fca9e1f53524e1545ef0c08d174458d80
[5]: https://github.com/curl/curl/commit/d78e129d50b2d190f1c1bde2ad1f62f02f152db0

NO_DOC=bugfix
NO_CHANGELOG=fixes an unreleased commit
NO_TEST=can't reproduce without https to add a test case, verified
        locally

(cherry picked from commit fbe6d0a0a40945c42609f5119a007b5c3980c232)

The recent libcurl update in commit 0919f390802f ("third_party: update
libcurl from 8.8.0 to 8.10.1") reveals an old problem in our libcurl's
build script: it attempts to disable the libidn2 dependency using the
`-DHAVE_LIBIDN2=OFF` option instead of `-DUSE_LIBIDN2=OFF`.

It doesn't work after a recent curl building machinery change, see
https://github.com/curl/curl/pull/14555

This commit fixes the problem by using `-DUSE_LIBIDN2=OFF`.

Reported in #10621

NO_DOC=build mechanics fixup
NO_CHANGELOG=fixes a non-released commit
NO_TEST=verified locally, seems to need an extra work on a separate CI
        workflow with a particular building environment; no time for
        that tonight, sorry

(cherry picked from commit a4b4158f2196442308aba7df8f8e21b98b5319fc)

Updates curl module to the version 8.10.1. The new version brings
several new options, such as:

CURL_USE_RUSTLS - Enables Rustls for SSL/TLS. Added in commit
curl/curl@ed76a23fccc1 ("cmake: add rustls")

CURL_USE_WOLFSSH - Option to use wolfSSH. Added in commit
curl/curl@0d8fdd1c7421 ("cmake: add wolfSSH support")

CURL_USE_GSASL - Option to use libgsasl.
Added in commit curl/curl@66bf995d1cfc
("cmake: add CURL_USE_GSASL option with detection + CI test")

CURL_DISABLE_SHA512_256 - Disables SHA-512/256 hash algorithm.
Added in commit curl/curl@33629949488c
("build: add options to disable SHA-512/256 hash algo")

CURL_USE_LIBUV - Use libuv for event-based tests. Added in commit
curl/curl@f7d5f47059c3 ("cmake: add support for `CURL_USE_LIBUV` option")

Corrected http_client test according to curl commit curl/curl@b7e769dc872d
("vtls: stop offering alpn http/1.1 for http2-prior-knowledge")

Build file missed several options and paths not used in the current build.
List of these options was added into curl-excluded-options.txt for the
convenience of the following bumps.

Closes #10576

https://curl.se/changes.html#8_10_1
https://github.com/curl/curl/releases/tag/curl-8_10_1

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

(cherry picked from commit 0919f390802f146852b462215327ef03e2730cfc)

@Totktonada: the http_client test mentioned in the original commit
message doesn't present in the `release/2.11` branch.

Some curl options appear to missed by several previous curl bumps.
Here is a list of missed options with curl commits in which
they first appeared:

BUILD_EXAMPLES - Build libcurl examples.
Added in curl 8.8.0 release in commit curl/curl@dfdd978f7c60
("cmake: add `BUILD_EXAMPLES` option to build examples")

USE_ECH - Enables ECH support.
Added in curl 8.8.0 release in commit curl/curl@a362962b7289
("TLS: add support for ECH (Encrypted Client Hello)")

USE_HTTPSRR - Enables HTTPS RR support for ECH.
Added in curl 8.8.0 release in commit curl/curl@a362962b7289
("TLS: add support for ECH (Encrypted Client Hello)")

BUILD_STATIC_CURL - Builds curl executable with static libcurl.
Added in curl 8.3.0 release in commit curl/curl@1199308dbc90
("cmake: support building static and shared libcurl in one go")

CURL_DISABLE_NEGOTIATE_AUTH - Disables negotiate authentication.
Added in curl 8.3.0 release in commit curl/curl@e92edfbef644
("lib: add ability to disable auths individually")

CURL_DISABLE_SRP - Disables TLS-SRP support.
Added in curl 8.4.0 release in commit curl/curl@781242ffa44a
("cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS")

NO_TEST=does not change tarantool behavior
NO_DOC=does not change tarantool behavior

(cherry picked from commit 97e3136ddc691f42cf0a5dff27881978b3c25d52)

Curl option BUILD_MISC_DOCS builds misc man pages and set ON by default.
Other documentation building options such as ENABLE_CURL_MANUAL and
BUILD_LIBCURL_DOCS was set OFF in BuildLibCurl.cmake.
I suppose this option has to be added in commit 7192bf66
("third_party: update libcurl from 8.7.0 to 8.8.0+patches") and set OFF.

Follows up #9885

NO_TEST=does not change tarantool behavior
NO_DOC=does not change tarantool behavior

(cherry picked from commit 1080995fa4083c4de6aa19e964b98f0ffb7e34c5)

CMake 3.29.0 produces a warning on configuration stage:

NO_WRAP
 | CMake Warning (dev) in cmake/ProtobufMutator.cmake:
 |  A logical block opening on the line
 |    /home/sergeyb/sources/MRG/tarantool/cmake/ProtobufMutator.cmake:38 (if)
 |   closes on the line
 |    /home/sergeyb/sources/MRG/tarantool/cmake/ProtobufMutator.cmake:40 (endif)
 |  with mis-matching arguments.
NO_WRAP

The patch fixes the warning.

NO_CHANGELOG=build
NO_DOC=build
NO_TEST=build

(cherry picked from commit 1e9e70f4c55c74c94922cb0beef44ae2b82255a9)

Protocol Buffers library has a name `protobufd` when CMAKE_BUILD_TYPE is
equal to "Debug". In other cases the name is `protobuf`. The patch fixes
the library name.

Follows up commit b11072a6 ("cmake: add dependencies for LuaJIT and
SQL fuzzers").

Follows up #4823

NO_CHANGELOG=build
NO_DOC=build
NO_TEST=build

(cherry picked from commit c0d8cb54)

An attempt to build Tarantool statically by Ninja (with the
enabled CMake option BUILD_STATIC_WITH_BUNDLED_LIBS), error below
is produced:

 | ninja: error: build.ninja:1405: bad $-escape
 | (literal $ must be written as $$)

The commit fixes that error. Follows up commit c92a1699
("cmake: support build using Ninja").

NO_CHANGELOG=build
NO_DOC=build
NO_TEST=build

(cherry picked from commit d48c40e69495b8cc3475ea0b184768054d87b780)

CMake 3.24+ produces a warning about the missed option
DOWNLOAD_EXTRACT_TIMESTAMP in `ExternalProject_Add()` [1]:

 | The DOWNLOAD_EXTRACT_TIMESTAMP option was not given and policy
 | CMP0135 is not set.

Documentation about policy CMP0135 [2] said:

CMake 3.23 and below set the timestamps of the extracted contents
to the same as the timestamps in the archive. When the URL
changes, the new archive is downloaded and extracted, but the
timestamps of the extracted contents might not be newer than the
previous contents. Anything that depends on the extracted contents
might not be rebuilt, even though the contents may change.

CMake 3.24 and above prefer to set the timestamps of all
extracted contents to the time of the extraction. This ensures
that anything that depends on the extracted contents will be
rebuilt whenever the URL changes.

1. https://cmake.org/cmake/help/latest/module/ExternalProject.html#url
2. https://cmake.org/cmake/help/latest/policy/CMP0135.html

NO_CHANGELOG=build
NO_DOC=build
NO_TEST=build

(cherry picked from commit 4c0e08d85cd39916818bc4b915ac3acdacce8fe4)

The patch updates curl module to the version 8.7.1 [1][2] that
brings a number of functional and security fixes, and updates
CMake module for building curl library.

Security fixes:

- CVE-2024-2004: Usage of disabled protocol. (low)
- CVE-2024-2398: HTTP/2 push headers memory-leak. (medium)
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL. (low)
- CVE-2024-2466: TLS certificate check bypass with mbedTLS. (medium)

Changes in CMake module:

- Option `USE_OPENSSL_QUIC` was added and disabled by default [3]

Previous changelog entry has been removed because duplicate
entries about bumps in release changelog confuses end users.

The bump was blocked by a regression in libcurl [4][5].

1. https://curl.se/changes.html#8_7_1
2. https://github.com/curl/curl/compare/curl-8_6_0...curl-8_7_1
3. https://github.com/curl/curl/commit/8e741644a229c3791963b4f5cae1dcfccba842dd
4. https://curl.se/mail/lib-2024-03/0059.html
5. https://github.com/curl/curl/issues/13260

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

(cherry picked from commit 63cb2bf6)

The patch updates curl module to the version 8.6.0 [1][2] that
brings a number of functional fixes, and updates CMake module for
building curl library.

Changes in CMake module:

- Option `ENABLE_CURL_MANUAL` was added and disabled by default [3]
- Option `BUILD_LIBCURL_DOCS` was added and disabled by default [3]

Previous changelog entry has been removed because duplicate
entries about bumps in release changelog confuses end users.

This bump was blocked by a regression in libcurl [4].

1. https://curl.se/changes.html#8_6_0
2. https://github.com/curl/curl/compare/curl-8_5_0...curl-8_6_0
3. https://github.com/curl/curl/commit/a808aab06851d4364ab1773c664df3d906a497a9
4. https://github.com/curl/curl/commit/b8c003832d730bb2f4b9de4204675ca5d9f7a903

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

(cherry picked from commit 00cfc959)

Bump the OpenSSL library version to 3.2.1 and remove OpenSSL patches which
are already present in the updated library version.

Disable modules in OpenSSL configuration to make sure the OpenSSL 3.0
legacy provider is compiled into the library.

Closes #7502

NO_DOC=<dependency bump>
NO_TEST=<dependency bump>

Co-authored-by: Sergey Bronnikov <sergeyb@tarantool.org>
(cherry picked from commit 8de22969)

The CI/CD builds are performed on VK Cloud virtual machines, so the
access to VK S3 is more reliable than to GitHub archives.

In fact, we experience periodical download problems with source archives
on GitHub in Tarantool Enterprise Edition builds in CI/CD and it is the
motivation to backup the archives on our side. The problems appear quite
frequently last few days.

The download problems are not on VK Cloud side and not on GitHub side.
The packet loss is somewhere in the middle. I don't know an exact reason
for now.

NO_DOC=no user-visible changes
NO_CHANGELOG=see NO_DOC
NO_TEST=see NO_DOC

(cherry picked from commit 03445e6b)

If we run a static build with ASAN enabled via Clang 16, the build will
fail unless `libresolv` is in the white list of static dependencies.
It looks like it is a peculiarity of Clang 16 and higher.

Fixes #9740

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit 8f6bc366)

This patch fixes the following error when building tarantool statically
with Clang compiler on a Linux system:

    error: argument unused during compilation: '-static-libstdc++'

Fixes #9646

NO_DOC=build issue
NO_TEST=build issue
NO_CHANGELOG=build issue

(cherry picked from commit 64afe49b)

The patch updates curl module to the version 8.5.0 [1][2] that brings a
number of functional fixes and security fix for CVE-2023-46219 (HSTS
long file name clears contents), see description in [2], and updates
CMake module for building curl library.

Changes in CMake module:

- Option `CURL_DISABLE_HEADERS_API` was added and disabled by default [4].
- Option `CURL_DISABLE_BINDLOCAL` was added and disabled by default [5].
- Option `CURL_DISABLE_INSTALL` was added and disabled by default [6].

1. https://curl.se/changes.html#8_5_0
2. https://github.com/curl/curl/compare/curl-8_4_0...curl-8_5_0
3. https://curl.se/docs/CVE-2023-46219.html
4. https://github.com/curl/curl/commit/33493db2af2dc6d9910f5d7c702aae6f63b8a6a6
5. https://github.com/curl/curl/commit/20bb363f25151febe9026b41b8ad65df6db20b68
6. https://github.com/curl/curl/commit/aace27b0965c10394544d1dacc9c2cb2fe0de3d3

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

(cherry picked from commit b8d733df)

The commit "lib: add ability to disable auths individually" [1][2] in
Curl 8.3.0 removes CURL_DISABLE_CRYPTO_AUTH and introduces CMake options
for a number crypto protocols.

The patch reflects this change in Tarantool's build infrastructure.

1. https://github.com/curl/curl/commit/e92edfbef64448ef461117769881f3ed776dec4e
2. https://github.com/curl/curl/pull/11490

Follows up #9086

NO_CHANGELOG=third_party
NO_DOC=third_party
NO_TEST=third_party

(cherry picked from commit c9daf9bf)

The commit "cmake: improve OpenLDAP builds" [1][2] in Curl deletes CMake
option CURL_USE_OPENLDAP.

The patch reflects this change in Tarantool's build infrastructure.

1. https://github.com/curl/curl/commit/751e168d93b4a58f3fbbe2908c0041ae2f934329
2. https://github.com/curl/curl/pull/12024

Follows up #9086

NO_CHANGELOG=third_party
NO_DOC=third_party
NO_TEST=third_party

(cherry picked from commit 7e3dc177)

The patch propagates debug mode to building of third party components:
c-ares, libcurl, libeio, nghttp2, zstd. Other components enables debug
mode automatically once it is enabled in Tarantool build.

Curl has two similar options that enables debug mode, however they are
different: `ENABLE_CURLDEBUG` enable memory debugging and `ENABLE_DEBUG`
restricts code which is only compiled for debug enabled builds [1].

1. https://everything.curl.dev/internals/memory-debugging

NO_CHANGELOG=build
NO_DOC=build
NO_TEST=build

(cherry picked from commit 3dbf19b6)

We run SVACE on static build. It doesn't compile unless libsvace is in
the allow list.

Follow-up #9242

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit a6a8ef68)

SVACE stopped working after commit 98b38e89 ("cmake: allow to
bundle static dependencies in main project") changed the bundled libs
directory layout. To fix this, let's introduce the new cmake option
BUNDLED_LIBS_INSTALL_DIR and set it in static-build/CMakeLists.txt to
the legacy location. Also, let's use the legacy directories for each
external project's PREFIX, SOURCE_DIR, BINARY_DIR, and STAMP_DIR.

Follow-up #9242

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit 37b1c287)

Instead of using ctest, let's simply run the CheckDependencies.cmake as
a post build command if Tarantool was built without dependencies. The
good thing about it is that the check will run even if the static build
is created directly, without the /static-build/CMakeLists.txt wrapper.

Part of #9242

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit fa4939bd)

zzip is installed to lib64/ on some systems by default so we need to
explicitly set the install dir to lib/.

Fixes commit 140fd681 ("cmake: allow to use bundled zzip").

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit a2311666)

There's EMBED_LUZIP cmake option that embeds the Lua zip module in
Tarantool binary. Since the Lua zip module depends on the zzip library,
it also links the zzip library. The option is used only by Tarantool EE
so there's no config for bundling the zzip library in the CE repository.
Now, that we bundle all static build dependencies in the main project
cmake config, let's add zzip bundling code here as well. The code of
/cmake/BuildZZIP.make is copied from /static-build/CMakeLists.txt of
the EE repository.

Follow-up #9242

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit 140fd681)

The BUILD_STATIC cmake config option forces the build system link
Tarantool binary statically with its dependencies. It expects that all
static libraries on which Tarantool binary depends are available at
build time.

We don't use this option directly to create static binaries because it
would produce different results on different build systems. Instead, we
use the separate cmake config located in the static-build directory,
which fetches all Tarantool dependencies from a predefined location
before building a static binary.

Having a separate cmake config is inconvenient. Let's enable bundling of
static binary dependencies right in the main project cmake config, like
we bundle, for example, libcurl. To achieve that, the new build option
was introduced BUILD_STATIC_WITH_BUNDLED_LIBS. It implies BUILD_STATIC
and also fetches and builds all required dependencies, like the
static-build cmake config used to. The latter doesn't do it anymore;
from now on, it just sets BUILD_STATIC_WITH_BUNDLED_LIBS when building
Tarantool. We can't remove the static-build cmake config yet because
there are quire a few CI workflows depending on it.

Note that, just like BUILD_STATIC, BUILD_STATIC_WITH_BUNDLED_LIBS
doesn't imply OPENSSL_USE_STATIC_LIBS so the latter should be set
explicitly if one wants to use the static openssl library. However,
setting OPENSSL_USE_STATIC_LIBS with BUILD_STATIC_WITH_BUNDLED_LIBS will
force the build system use bundled static openssl library.

This patch is relatively straightforward. It just moves the external
projects from /static-build/cmake/AddDependencyProjects.cmake to /cmake
adding build dependencies where required and setting variables that are
set by the corresponding /cmake/FindXXX.cmake configs.

There are a few things that should be noted separately though:
 - We dropped the ZLIB_FOUND check from the main project cmake config.
   It was used for building EE but the latter is going to be broken
   anyway once this patch is committed. We'll fix it in following
   commits.
 - FindLibUnwind referenced zlib library by ZLIB::ZLIB. We don't set
   it for bundled zlib so let's use ZLIB_LIBRARIES instead.
 - We don't need to detect dependency cflags while building bundled
   libraries as we can reuse the flags set by the main project.
 - We don't use HARDENING_LDFLAGS because it makes no sense when
   building static libraries.

Closes #9242

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit 98b38e89)

Currently, we simply include the libyaml source directory into the main
project. The problem is that libyaml uses ICU. If ICU is built outside
the main project cmake config, as it's the case with the static-build,
both the main project and libyaml cmake configs will use the same ICU
version. However, if we build ICU in the main project, as we intend to
do to resolve #9242, it may not work. To fix that, we need to use the
external project API to build libyaml.

Needed for #9242

NO_DOC=build
NO_TEST=build
NO_CHANGELOG=build

(cherry picked from commit 8820f5c9)

The patch updates curl module to the version 8.3.0 [1] and updates a
CMake module for building curl library.

Changes in CMake module:

- Option `CURL_STATICLIB` is gone and replaced with `BUILD_STATIC_LIBS`.
- Option `CURL_USE_GNUTLS` was added and disabled by default.
- NSS library support was removed and option `CURL_USE_NSS` has been
  removed as well.
- Option `CMAKE_UNITY_BUILD` was added and disabled by default.
- Option `CURL_DISABLE_FORM_API` was added and disabled by default. It is
  in fact depends on `CURL_DISABLE_MIME`, but anyway disabled explicitly.

Changelog: https://curl.se/changes.html#8_3_0

1. https://github.com/curl/curl/releases/tag/curl-8_3_0

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

Fixes #9086

(cherry picked from commit 979b4adb)

All LuaJIT related LSan warnings were suppressed in the scope of the
commit 985548e4 ("asan: suppress all
LSAN warnings related to LuaJIT"), since all compiler flags tweaks were
enclosed in LuaJIT CMake machinery. As a result of the commit in LuaJIT
submodule tarantool/luajit@a86e376 ("build: introduce LUAJIT_USE_ASAN
option") ASan and LSan support has been finally added to LuaJIT runtime,
so it was decided to remove LSan suppressions for LuaJIT functions.
Unfortunately, it was not so easy as it looked like.

At first, Lua global state is not closed properly at Tarantool instance
exit (see <tarantool_free> in src/main.cc and <tarantool_lua_free> in
src/lua/init.c for more info), so LSan false-positive leaks are detected
(for more info, see #3071). Hence, the original LSan suppression for
lj_BC_FUNCC is returned back (temporarily) until the aforementioned
issue is not resolved.

Furthermore, the internal LuaJIT memory allocator is not instrumented
yet, so to find any memory faults it's worth building LuaJIT with system
provided memory allocator (i.e. enable LUAJIT_USE_SYSMALLOC option).
However, again, since Tarantool doesn't finalize Lua universe the right
way, so running Tarantool testing routine with LUAJIT_USE_SYSMALLOC
enabled generates false-positive LSan leaks. Return back here to enable
LUAJIT_USE_SYSMALLOC, when #3071 is resolved.

Last but not least, the default value of fiber stack size is 512Kb, but
several tests in test/PUC-Rio-Lua-5.1-test suite in LuaJIT submodule
(e.g. some cases with deep recursion in errors.lua or pm.lua) have
already been tweaked according to the limitations mentioned in #5782,
but the crashes still occur while running LuaJIT tests with ASan support
enabled. Experiments once again confirm the notorious quote that "640 Kb
ought to be enough for anybody".

Anyway, LuaJIT tests are added to <test-release-asan> target in .test.mk
and LUAJIT_TEST_ENV is extended with required ASan and LSan options.

Follows up #5878

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

(cherry picked from commit bacf4e56)

Follows-up #4823

NO_CHANGELOG=internal
NO_DOC=internal
NO_TEST=internal

(cherry picked from commit 95d62cfc)

Added Google's 'libprotobuf-mutator' and 'protobuf' libraries
for developing grammar-based LuaJIT and SQL fuzzers based on
LibFuzzer.

It is needed to build protobuf module from source because
by default, the system-installed version of protobuf is used
by libprotobuf-mutator, and this version can be too old.

Part of #4823

NO_CHANGELOG=<dependencies>
NO_DOC=<dependencies>
NO_TEST=<dependencies>

(cherry picked from commit b11072a6)

In scope of the commit 82f4b4a3 ("lib/core/fiber: Increase default
stack size") the default value of fiber stack size is increased up to
512 Kb (you can find the reasons in the aforementioned commit message
and in https://github.com/tarantool/tarantool/issues/3418 description).

Some of the tests in test/PUC-Rio-Lua-5.1-test suite in LuaJIT repo
(e.g. some cases with deep recursion in errors.lua or pm.lua) have
already been tweaked according to the limitations mentioned in
https://github.com/tarantool/tarantool/issues/5782, but the crashes
still occurs while running LuaJIT tests with ASan support enabled.

To make the testing routine more convenient, FIBER_STACK_SIZE option is
introduced to Tarantool CMake machinery. One can provide the size either
by raw digits (i.e. in bytes) or using Kb/Mb suffixes for convenience.

A couple of important nits:
* If the given value is not a multiple of 4Kb, CMake machinery adjusts
  it up to the nearest one greater than this value.
* If the adjusted value is less than 512Kb, configuration fails with the
  corresponding CMake fatal error.

Follows up #3418
Relates to #5782

@TarantoolBot document
Title: introduce FIBER_STACK_SIZE configuration option

To make managing of the default fiber stack size more convenient, the
corresponding CMake option is added.

**NB**: The stack size can't be less than 512Kb and if the given value
is not a multiple of 4Kb, CMake machinery adjusts it up to the nearest
one greater than this value.

(cherry picked from commit ff57f990)

There are sporadic segfaults in libunwind during backtrace_collect().
Reproducible with the latest version, and there are open issues with
similar stacks:

https://github.com/libunwind/libunwind/issues/150
https://github.com/libunwind/libunwind/issues/260
https://github.com/libunwind/libunwind/issues/473

Let's disable ENABLE_BACKTRACE for AArch64 Linux until these issues are
resolved in libunwind.

Closes #8572
Part of #8791

NO_DOC=bugfix

(cherry picked from commit 418e749c)

This reverts commit 1c0a0c90.

Cherry-picked by mistake. Tarantool 2.11 still depends on libgomp.

NO_DOC=revert
NO_TEST=revert
NO_CHANGELOG=revert