feat: Add permissions::Config::git_binary field (#450)

When true, default false, inject the git installation configuration file
if present at the cost of one `git config` invocation.

Note that we rely on the underlying `git-config` crate to not load
duplicate files.

We also currently lie about the scope which is actually unclear - have
seen 'unknown' or normal scopes like `system`.

Author: Byron

git-repository/src/config/cache/init.rs

@@ -27,6 +27,7 @@ impl Cache {
             ssh_prefix: _,
         }: repository::permissions::Environment,
         repository::permissions::Config {
+            git_binary: use_installation,
             system: use_system,
             git: use_git,
             user: use_user,
@@ -54,35 +55,43 @@ impl Cache {
             let home_env = &home_env;
             let xdg_config_home_env = &xdg_config_home_env;
             let git_prefix = &git_prefix;
+            let mut install_path = use_installation
+                .then(|| crate::env::git::install_config_path())
+                .flatten();
             let metas = [git_config::source::Kind::System, git_config::source::Kind::Global]
                 .iter()
                 .flat_map(|kind| kind.sources())
-                .filter_map(|source| {
-                    match source {
-                        git_config::Source::System if !use_system => return None,
-                        git_config::Source::Git if !use_git => return None,
-                        git_config::Source::User if !use_user => return None,
-                        _ => {}
+                .filter_map(|source| match install_path.take() {
+                    Some(install_path) => (
+                        &git_config::Source::System,
+                        git_path::from_bstr(install_path).into_owned(),
+                    )
+                        .into(),
+                    None => {
+                        match source {
+                            git_config::Source::System if !use_system => return None,
+                            git_config::Source::Git if !use_git => return None,
+                            git_config::Source::User if !use_user => return None,
+                            _ => {}
+                        }
+                        source
+                            .storage_location(&mut |name| {
+                                match name {
+                                    git_ if git_.starts_with("GIT_") => Some(git_prefix),
+                                    "XDG_CONFIG_HOME" => Some(xdg_config_home_env),
+                                    "HOME" => Some(home_env),
+                                    _ => None,
+                                }
+                                .and_then(|perm| std::env::var_os(name).and_then(|val| perm.check(val).ok().flatten()))
+                            })
+                            .map(|p| (source, p.into_owned()))
                     }
-                    let path = source
-                        .storage_location(&mut |name| {
-                            match name {
-                                git_ if git_.starts_with("GIT_") => Some(git_prefix),
-                                "XDG_CONFIG_HOME" => Some(xdg_config_home_env),
-                                "HOME" => Some(home_env),
-                                _ => None,
-                            }
-                            .and_then(|perm| std::env::var_os(name).and_then(|val| perm.check(val).ok().flatten()))
-                        })
-                        .map(|p| p.into_owned());
-
-                    git_config::file::Metadata {
-                        path,
-                        source: *source,
-                        level: 0,
-                        trust: git_sec::Trust::Full,
-                    }
-                    .into()
+                })
+                .map(|(source, path)| git_config::file::Metadata {
+                    path: Some(path),
+                    source: *source,
+                    level: 0,
+                    trust: git_sec::Trust::Full,
                 });
 
             let err_on_nonexisting_paths = false;

git-repository/src/repository/permissions.rs

@@ -14,6 +14,11 @@ pub struct Permissions {
 /// Configure security relevant options when loading a git configuration.
 #[derive(Copy, Clone, Ord, PartialOrd, PartialEq, Eq, Debug, Hash)]
 pub struct Config {
+    /// The git binary may come with configuration as part of its configuration, and if this is true (default false)
+    /// we will load the configuration of the git binary, if present and not a duplicate of the ones below.
+    ///
+    /// It's disable by default as it involves executing the git binary once per execution of the application.
+    pub git_binary: bool,
     /// Whether to use the system configuration.
     /// This is defined as `$(prefix)/etc/gitconfig` on unix.
     pub system: bool,
@@ -40,6 +45,7 @@ impl Config {
     /// Allow everything which usually relates to a fully trusted environment
     pub fn all() -> Self {
         Config {
+            git_binary: false,
             system: true,
             git: true,
             user: true,
@@ -108,6 +114,7 @@ impl Permissions {
     pub fn isolated() -> Self {
         Permissions {
             config: Config {
+                git_binary: false,
                 system: false,
                 git: false,
                 user: false,