parser: Don't load external content if only XML_SKIP_IDS is set

At some point, the `loadsubset` member was augmented to also control
handling of ID attributes in addition to loading of external DTDs. These
two features are unrelated and shouldn't have been mixed. This mistake
was probably inspired by the misnamed XML_DETECT_IDS flag. As a side
effect, setting XML_SKIP_IDS always enabled loading of external DTDs and
parameter entities.

This change makes it possible to ignore IDs without loading external
content. This is a deliberate API change that improves security and is
unlikely to affect users.

This also makes sure that the new XML_PARSE_SKIP_IDS option doesn't
enable unsafe behavior.

include/libxml/parser.h

@@ -477,17 +477,19 @@ struct _xmlParserCtxt {
      */
     void *_private;
     /**
-     * @deprecated Use xmlParserOption XML_PARSE_DTDLOAD or
-     * XML_PARSE_DTDATTR
+     * @deprecated Use xmlParserOption XML_PARSE_DTDLOAD,
+     * XML_PARSE_DTDATTR or XML_PARSE_SKIP_IDS.
      *
-     * Control loading of the external subset. Other options like
-     * `validate` can override this value.
+     * Control loading of the external subset and handling of IDs.
+     * Other options like `validate` can override this value.
      *
-     * - 0: Don't load external subset.
-     * - XML_DETECT_IDS: Load external subset and store IDs.
-     * - XML_COMPLETE_ATTRS: Load external subset, store IDs and
-     *   process default attributes.
-     * - XML_SKIP_IDS: Load external subset and ignore IDs.
+     * - 0: The default behavior is to process IDs and to ignore
+     *   the external subset.
+     * - XML_DETECT_IDS: Load external subset. This flag is
+     *   misnamed. ID handling is only controlled by XML_SKIP_IDS.
+     * - XML_COMPLETE_ATTRS: Load external subset and process
+     *   default attributes.
+     * - XML_SKIP_IDS: Ignore IDs.
      */
     int loadsubset XML_DEPRECATED_MEMBER;
     /* unused */