More readable/friendly log messages and ip.can reason strings

The number of failed login attempts. It's something.

Update wording and add more help text.

Now a sysop can "perm block" a client (IP address) for a limited amount of
time rather than always forever.

Add more displays of the ip.can details when actively blocking a client.

Moved twit/trash functions from userdat.c to trash.c

For symmetry

I wanted a couple of features for filters (e.g. blocked IP addreses):
- expiration date, optionally (only block for a limited time)
- display details of reason for filter in log messages (at time of block)

I've been thinking for some time that these files should be converted to .ini,
but then it occurred to me that I could do a sort of hybrid where the metadata
was key/value pairs tab-delimited from the search-pattern (first text on the
line). This is backward comaptible, relatively easy to view/edit by hand, and
extensible (easy to add/remove metadata fields in the future). So they'll
remain as text/*.can files.

The maximum line length for findstr/trashcan parsed files extended from 255 to
1000 characters.

Moved all trashcan-related functions from scfglib1.c to (new file) trash.c.

For the first time, I actually tested a build on WSL *before* committing to
Git. So, this *should* pass CI the first time. :-O

So move to nopen.h

Move the nopen-specific constants from sbbsdefs.h to nopen.c

This helps svdmodem to use findstr->nopen without more sbbs/smblib deps

... especially around incoming connection acceptance, blocked-IPs/hostnames

Many searches are done (e.g. in the mail server, QWK import) for either of 2
strings in single file or list, so let's optimize that to a single iteration
through the file/list. This should reduce some redundant file I/O.

I do find this API a little confusing with the filename or list at the end
of the argument list, but kept it consistent with the existing single string
findstr functions (which are now just wrappers for the new 2-string flavors).

I noticed during this update that findstr() did not share the same behavior
as findstr_in_list() (feature added in commit f08f2137) whereby if all the
patterns were negative searches (beginning with '!'), then *all* the
negative matches would have to be successful (not just the first) for the
function to return true. So now findstr() behaves like findstr_in_list()
in this regard.

I also added some optimizations to findstr_in_string().

Using "Warning" log levels more for things that the sysop might be able to do
something about. If it's just an input data validation (from a random TCP/IP
client), use "Notice" log level instead.

The terminal server log output is still the odd ball.

The time span over which consecutive failed logins are attempted is important

'@' is in the name.can by default and the mail server recognizes user@addr
formatted logins/attempts, so truncate at the '@' before comparing against
the name.can file to prevent false !TEMPORARY BAN (1 login attempts, ...
occurences.

The log format and details might need some adjustment, but this is a start.

Also, don't delay 3 seconds before disconnecting socket when mail server has
reached maximum number of clients - we should immediately release resources
(the socket) and be able to accept another connection ASAP instead.

Deal with new CID 470557 and 470554 in mail server: resource (file*)
leaks in error paths (corner case).

Set minimum severity of TLS messages in web sever to INFO. Debug-level would
hide some common TLS session errors.

That's percent minus, to go with percent plus (user's real name).

The string is auto-quoted if it contains a space.

For Keyop's use with rlogin.js, maybe.

When a JS environment (e.g. server, jsexec) is terminated, it's possible
that a require() script was being evaluated. But since termination would
abort that evaluation, it's not unexpected if a symbol ends up not being
defined before the require() script was terminated, so don't report an
error in that case.

Fix issue #681

The base64-encoded credentials can either be supplied with the AUTH PLAIN
command or in response to a 334 server-challenge. We only supported the
former form and logged a warning ("Missing AUTH PLAIN argument") when we
received the latter. No warning is logged now and the appropriate
server-challege is sent and the response accepted and base64-decoded and
parsed as before.

And fix some use of CRYPT_UNUSED instead of cryptlib session ID.

Attempt to fix issue #680

This probably will need some llvm or other exceptional handling for
non GNU build systems.

Since we're logging at INFO level when the connect is attempted, we can assume
success when we start logging additional init messages.

These can always be revived from the attic if there's some need or purpose.

My mail server was suddenly and inexplicably creating thousands of SMTPS
client threads, each with a unique remote IP address, and each eventually
failing with the rather obscure log message (from cryptlib):
 dbg 'Cannot read item from object' (-41) setting session active

Eventually (after not long, really), the server would run out of resources
and fail in weird and wonderful ways (can't malloc, can't create JS runtime
or context, etc.). The max_clients limit (100, as I have it set) wasn't being
effectively-imposed on SMTPS connections.

The root-cause: the active_clients (counter) wasn't incremented until *after*
the cryptlib/TLS setup for SMTPS connections and SMTPS/TLS connections can
take a long time to fail, resulting in a vulnerability to an effective denial
of service attack.

Raise the minimum severity of all cryptlib/TLS log messages from Debug to
Info.

Create wrappers for smtp_thread() [now smtp_client_thread()] and pop3_thread
[now pop3_client_thread()] that handle basic resource management (thread
counters, active client counters, the client socket).