build: enable missing OpenSSF-recommended warnings, with fixes

Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)

Enable new warnings:

- replace `-Wno-sign-conversion` with `-Wsign-conversion`.

  Fix them in example, tests and wincng. There remain about 360 of these
  warnings in `src`. Add a TODO item for those and disable `-Werror` for
  this particular warning.

- enable `-Wformat=2` for clang (in both cmake and autotools).

- enable `__attribute__((format))` for `_libssh2_debug()`,
  `_libssh2_snprintf()` and in tests for `run_command()`.

  `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.

- enable `-Wimplicit-fallthrough`.

- enable `-Wtrampolines`.

Fix them:

- src: replace obsolete fall-through-comments with
  `__attribute__((fallthrough))`.

- wincng: fix `-Wsign-conversion` warnings.

- tests: fix `-Wsign-conversion` warnings.

- example: fix `-Wsign-conversion` warnings.

- src: fix `-Wformat` issues in trace calls.

  Also, where necessary fix `int` and `unsigned char` casts to
  `unsigned int` and adjust printf format strings. These were not
  causing compiler warnings.

  Cast large types to `long` to avoid dealing with printf masks for
  `size_t` and other C99 types. Existing code often used `int` for this.
  I'll update them to `long` in an upcoming commit.

- tests: fix `-Wformat` warning.

- silence `-Wformat-nonliteral` warnings.

- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
  in external header.

Closes #1257

example/ssh2_echo.c

@@ -219,11 +219,11 @@ int main(int argc, char *argv[])
     else {
         LIBSSH2_POLLFD *fds = NULL;
         int running = 1;
-        ssize_t bufsize = BUFSIZE;
+        size_t bufsize = BUFSIZE;
         char buffer[BUFSIZE];
-        ssize_t totsize = 1500000;
-        ssize_t totwritten = 0;
-        ssize_t totread = 0;
+        size_t totsize = 1500000;
+        size_t totwritten = 0;
+        size_t totread = 0;
         int rereads = 0;
         int rewrites = 0;
         int i;
@@ -262,7 +262,7 @@ int main(int argc, char *argv[])
                     exit(1);
                 }
                 else {
-                    totread += n;
+                    totread += (size_t)n;
                     fprintf(stderr, "read %d bytes (%d in total)\n",
                             (int)n, (int)totread);
                 }
@@ -273,8 +273,8 @@ int main(int argc, char *argv[])
 
                 if(totwritten < totsize) {
                     /* we have not written all data yet */
-                    ssize_t left = totsize - totwritten;
-                    ssize_t size = (left < bufsize) ? left : bufsize;
+                    size_t left = totsize - totwritten;
+                    size_t size = (left < bufsize) ? left : bufsize;
                     ssize_t n = libssh2_channel_write_ex(channel, 0,
                                                          buffer, size);
 
@@ -287,10 +287,10 @@ int main(int argc, char *argv[])
                         exit(1);
                     }
                     else {
-                        totwritten += n;
+                        totwritten += (size_t)n;
                         fprintf(stderr, "wrote %d bytes (%d in total)",
                                 (int)n, (int)totwritten);
-                        if(left >= bufsize && n != bufsize) {
+                        if(left >= bufsize && (size_t)n != bufsize) {
                             fprintf(stderr, " PARTIAL");
                         }
                         fprintf(stderr, "\n");
@@ -310,7 +310,8 @@ int main(int argc, char *argv[])
                     else {
                         fprintf(stderr, "sent eof\n");
                         /* we're done writing, stop listening for OUT events */
-                        fds[0].events &= ~LIBSSH2_POLLFD_POLLOUT;
+                        fds[0].events &=
+                            ~(unsigned long)LIBSSH2_POLLFD_POLLOUT;
                     }
                 }
             }