Adds 'x-tangled-repo-owner-handle' header when proxying git requests to
the knot. This allows knotserver to attempt to suggest the correct
git+ssh URL when rejecting a HTTP git push.

* Checks service name query parameter in info/refs handler; rejects any
service request that doesn't match 'git-upload-pack'.

* Produces 'text/plain' error responses so the git client will display
them.

* Adds a specific reject message for 'git-receive-pack'. This will
produce a less cryptic error in the terminal when trying to push over
http.

Sorts branches by update time (and in same-repo comparisons we drop the
default branch) and preselects the most recent branch.

empty repo template now shows a list of other branches if available

- setting default-branch now works on repos that have empty default
branches
- RepoIndex now returns branch-list if available on empty repos

This adds a post-processor step to the markdown parser to parse raw
html images `<img>` and resolve their `src` attributes if needed

This commit adds spinners to what I believe to be all the buttons on the
following pages:
- follow: add spinner to follow button
- issues/new: add spinner to create button
- issue: add spinners to close/reopen issue buttons
- issueComment: add spinner to delete button
- editIssueComment: add spinner to check mark button
- pulls/new: add spinner to create button
- pullNewComment: add spinner to comment button, submit and cancel
- pullResubmit: add spinners to resubmit / cancel button
- settings: add spinners to buttons
- knots: add spinners to buttons
- settings: add spinners to user settings page

Fixes a bug reported on Discord with relative links inside a
repository's subdir would resolve incorrectly since we were naively
"absoluting" the link destination.

Now, we resolve it against the current (parent) directory. For example,
if lol/x.md has a link

[foo](./some.png) => /lol/some.png (instead of just /some.png)

thanks @cinny.bun.how on bluesky.

also setup nix devshell to configure TANGLED_OAUTH_JWK in a shellhook
for seamless local oauth dev.

[preview](https://cdn.discordapp.com/attachments/1361968270516949092/1371809102023622699/image.png?ex=68247c48&is=68232ac8&hm=d743ac41cf52bdee418f3260a99860fad4ad11d2c105954e663dabf2735e18f3&)

the pull-id was extracted out of transaction

how it works:

- hx-indicator adds the htmx-request class to the target of choice
- with tailwind, we can use `group-[.class]` to check if a parent
element has a certain class, and style things conditionally
- by applying `group-[.htmx-request]`, we can detect when a request is
in progress, and show/hide a lucide loader
- the loader is a static icon made to spin using the `animate-spin`
class

setting TANGLED_DEV=true now lets you work on tangled without creating
ngrok/localtunnel tunnels.

NixOS 24.11 doesn't provide go-1.24 which is now required for this
project.

Additionally fix the `CGO_ENABLED` warnings that comes with the newer
nixpkgs version.

Lets us use it without an import cycle.

This serves the go-import meta tag if the user-agent is
Go-http-client/1.1 and there's a ?go-get=1 query parameter present. This
should run before the router 404's a path that technically doesn't exist
like tangled.sh/foo.com/some-go/v5.

the current transaction model only rollsback on db failures. this
changeset makes the transaction encapsulate the entire NewPull flow. if
creating the pds record fails, the db is still rolled back.

Also does some driveby config refactoring.

Add a space between the Discord link and the next word "or". This only
shows up on the timeline if you are not logged in...meaning it's one of
the first things a new user sees.

gotta be more explicit apparently