Should fix possible issue with certificate being owned by root when
_THREAD_SUID_BROKEN is true (ie: Linux).

These waits could cause "bad" traffic (blocked, max client exceeded, etc)
to prevent/delay accept()ing "good" traffic on other services.

TLS servers without all of them needing to separately load the ssl certificate.

It's destroyed in free_scfg(), and the config *must* be prepped both to
destroy the certificate and to load it.  This is because the "no cert"
value is -1, not 0, so the prepped flag is all we really have to indicate
if it's zero because it's a valid certificate or zero because no certificate
has been loaded.

Also add add_public_key() and get_public_key() methods to CryptKeyset.
Not tested yet, but this should be everything we need to finish up
LetSyncrypt.

This class allows saving and loading private keys.  It doesn't currently
allow saving or loading *public* keys, since they require certificate support
which we don't yet have in our JavaScript Object Model.

I'll fix the JSDocs build in a minute.

HANDLE_PENDING() contains a return, so it's theoretically possible that the
memory allocated by the previous JSVALUE/STRING_TO_... allocation could
be leaked. So now we pass an optional pointer to HANDLE_PENDING() which will
call free() on it if it's not NULL, and then sets it to NULL for good measure.

Convert up to 128 characters of the passed user name to a string we can use
and log in case of failure (helps to debug the full actual user name passed to
the sevice, e.g. by an IMAP client).

globally (using a new macro in sbbbsdefs.h: STR_UNKNOWN_USER). "<unknown>"
in some contexts was too vague (e.g. the 'c' command output from the sbbs
console).

Introduced a better progress indicator (similar to poll results), using the
backfill() method. 2 new attr.cfg fields allow the progress indicator colors to
be configured separately from poll results (though they default to the same
white on magenta). This new progress indicator is used when loading msg ptrs
and scanning for votes. I will be using it while performing other searches
(e.g. file libraries/dirs) as well.

temp-ban (was logging the total number of login attempts, including dupes).

so use shorter thread names.

How did startup->sem_chk_freq get set (back) to 0 in the first place?
The reason: the startup struct sanitization only occured when the various
server threads were first started. When recycled, the server would call back to
the original caller (e.g. sbbscon) which may (and did) re-read the sbbs.ini
file, which could have SemCheckFrequency set to 0 (or missing) and the
sanitization did not happen again (so a 0 value was used in select() calls,
resuilting in high CPU utilization for several threads).

So now, all startup struct sanitization occurs inside the init/recycle loop
and sem_chk_freq should never revert to 0 again. This was the main bug.

value is missing or set to 0 in the sbbs.ini file, the sanity checking this
value (setting it to 2 seconds) will not occur after a server recycle and the
sbbs.ini is re-parsed. So if for any reason, the sem_chk_freq value becomes
0, these server threads won't hog the CPU because they all YIELD at the
top of thier main loops.

Also, changed all the thread names (e.g. adding "sbbs/" prefix), so they're
more sensible in the Linux 'top' output.

Also, started adding 'vi' modelines to auto-set tabstops when using vi/vim.

file (in .can file format) which lists IP addresses or hostnames which will
be exempt from temporary bans or permanent filters.

- Never ban the server's own address
- Log the login attempt and last name attempted
- Use a compressed version of the HH:MM:SS "time remaining" portion of the log
  message

By default, after 20 consecutive (unique) failed login attempts, *or*
a failed login attempt wtih a name from the name.can filter file.
The default temporary ban duration is 10 minutes.
The temporary ban thershold is configurable via LoginAttemptTempBanThreshold
in sbbs.ini and the ban duration is configurable via LoginAttemptTempBanDuration
(in seconds).

the constructor things.  This allows TLS-enabled services to work correctly,
and removes an ugly hack from the web server.

There's still an odd issue with the NNTP service when using TLS though.

to errorlog() so the data/error.log is less ambiguous about where an error
occurred.

after a user (has been) disconnected and before the node transitions to waiting
for connection (WFC) status. Usually the duration of this status is very short,
but it can be longer (e.g. for running log-out module and event) and for (new)
msg-scan pointer fix-ups.
Updated logout() to remove some cruft and add some more log/debug output.
Automatic new-scan pointer fix-ups when performing new-message scans (if the
current pointer is greater than the last message number, set it to the last
message number) and when saving message pointers.
Passing user_t* to get/putmsgptrs() instead of message number now (to better
detect Guest account).

This means moving ssl.o into libsbbs.so and out of libwebsrvr.so.
I'll fix Windows in a minute (?).

addresses specified in the Interface line of sbbs.ini for the server.

before re-reading them.

xpms_add_chararray_list instead.  Prevents having to free string lists
in the sbbs.ini parsing code.

the objects private data, and badly breaks the methods.

Instead, implement a wrapper macro and use it.

New Features:
- Multiple bindings for each service
  Use comma-separated interfaces on Interface= lines in the ini file.
  Default is now "0.0.0.0,::"
- IPv6 support
- TLS support for the webserver and (non-static) services
  New TLS option in services.ini (ie: Options=TLS)
- Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
  and rename the MAIL_CMD string to IPADDR.  I think this frees up the
  note field for SysOp use.

scripts global scope (as opposed to js.global which is the instance global
scope), and having exit() define exit_code in js.scope instead of js.global.

This also sets exit_code in js.scope to null when preparing to execute a new
script.  If a new script starts in the same scope as an old one, the old
exit_code value will be destroyed.

This should only impact scripts where js.global != js.scope (bbs.exec()ed,
and mailsrvr)

initialization due to no service sockets being successfully bound. The crash
was in cleanup(), while checking the 'theads_pending_start' protected-int,
which had not been created/initialized yet. The fix is to create/init the
threads_pending_start protected-int before any possible call to cleanup().

related crashes (mainly due to null pointer dereferences of scfg_t members
freed in cleanup()).
Use of new protected_int_value()  for extra paranoia (but can't use it on
destroyed protected-int's).

due to race condition betwen call of _beginthread() to thread function
actually being executed and the notice of a recycle semaphore condition and
the freeing of dynamically allocated elements of the global scfg instance.