Hf pull process-wide cancellation API with terminate handling. (#4107)

### 🛠 Summary
CVS-CVS-184757

Libgit2 Lfs-filter.c patch changes:
1. Process-wide cancellation API. Added an exported atomic flag with
git_lfs_cancel_set(int) / git_lfs_cancel_get(void) (declared
GIT_LFS_CANCEL_EXPORT, backed by git_atomic32), plus a host-supplied
probe git_lfs_shutdown_requested(void) that the filter calls to learn
whether the embedding application has requested shutdown. This gives
OVMS a reliable way to abort in-flight LFS operations from outside
libgit2.
2. Cancellation responsiveness across the LFS pipeline. Cancellation is
now polled in the curl progress callbacks and around every long-running
step: before/after each curl perform, between resume attempts, and
inside the retry sleep loop (so a Ctrl+C during a back-off no longer
waits the full interval).
3. Cancellation coverage extended to both LFS HTTP requests. Both the
batch metadata request and the object download request are wired to the
progress callback and to explicit abort guards, so cancellation aborts
the operation regardless of which phase is in flight.
4. Error-focused logging with on-demand log file. Switched the patch to
an error-focused logger; lfs_error.txt is now created/truncated only
when an actual error is emitted, written under the repository workdir.
Successful runs no longer leave a stale file behind, which OVMS relies
on as a post-clone error signal.
5. Configurable, interruptible resume. Resume behaviour is preserved but
made safer: the number of attempts and the interval between them are
configurable via GIT_LFS_RESUME_ATTEMPTS and
GIT_LFS_RESUME_INTERVAL_SECONDS (initialized once via INIT_ONCE), and
cancel checks are repeated around resume retries and the fallback path.

Ovms Libgit2.cpp Changes:
1. End-to-end cancellation propagation. Server shutdown signaling is
plumbed all the way into the clone and LFS download paths via
libgit2::isCloneCancellationRequestedFromServer() and the exported
git_lfs_shutdown_requested(void) C entry point, so Ctrl+C aborts both
git_clone and ongoing LFS transfers
(transfer/sideband/update-tips/checkout-notify callbacks all return -1
on cancel via the shared RETURN_IF_OVMS_CLONE_CANCELLED macro).
2. Reliable resume after interruption. Resume logic was redesigned to
re-trigger the LFS smudge filter for partially downloaded files: it
repairs the index entry from the HEAD tree (an aborted clone may leave
the index entry missing), removes the stale worktree pointer file, and
forces git_checkout_head with GIT_CHECKOUT_FORCE |
GIT_CHECKOUT_RECREATE_MISSING for the affected paths. A complementary
path restores tracked non-LFS files that were missing after a crash,
then normalizes the index against HEAD.
.lfswip work-in-progress marker. A sibling marker file (<repo>.lfswip)
is created before clone/resume and removed only on a clean finish. Its
presence on a subsequent run indicates a prior interruption and switches
the pull into resume mode (including a HEAD-tree scan for tracked files
missing from the worktree).
lfs_error.txt handling. After clone or resume, OVMS reads any
lfs_error.txt left by the patch, logs its contents at error level,
removes the file, and surfaces a dedicated status to the caller.
3. Shared shutdown-state module (src/shutdown_state.{hpp,cpp}). New
module exposes getShutdownRequestValue / setShutdownRequestValue,
signal-safe setSignalShutdownRequested plus a main-thread
processSignalShutdownRequest, decoupling pull-module cancellation checks
from Server internals and satisfying Bazel dependency boundaries (the
pull module no longer needs to depend on the server target).
4. New status codes & tests.
HF_GIT_CLONE_CANCELLED and HF_GIT_LIBGIT2_LFS_DOWNLOAD_FAILED added
(alongside the existing HF_GIT_LIBGIT2_NOT_INITIALIZED).
5. New tests in pull_hf_model_test.cpp cover resume after a
server-shutdown request (HfPull.ResumeShutdown), resume after
SIGKILL/TerminateProcess (HfPull.ResumeTerminate), shutdown-driven
cancellation (HfPull.CloneCancelledByShutdownRequest), no-op re-pull,
partial-resume, user-removed and user-edited file scenarios on a cached
repository (HfPullCache.RePull/Resume/UserRemoved/UserEdited), and the
LFS-resume option capture tests.
6. New tests in libgit2_test.cpp document the .lfswip marker behavior
(LibGit2LfsWipMarker.*).
Third-party libgit2 integration updates. Bumped the upstream libgit2
commit (libgit2_engine.bzl) and significantly expanded lfs.patch.

### 🧪 Checklist

- [ ] Unit tests added.
- [ ] The documentation updated.
- [ ] Change follows security best practices.
``

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Adrian Tobiszewski <adrian.tobiszewski@intel.com>

Author: 3 people

src/BUILD

@@ -216,6 +216,12 @@ ovms_cc_library(
     deps = ["libovmsstring_utils"],
     visibility = ["//visibility:public",],
 )
+ovms_cc_library(
+    name = "libovms_shutdown_state",
+    hdrs = ["shutdown_state.hpp"],
+    srcs = ["shutdown_state.cpp"],
+    visibility = ["//visibility:public",],
+)
 ovms_cc_library(
     name = "prediction_service_utils",
     hdrs = ["prediction_service_utils.hpp"],
@@ -828,6 +834,7 @@ ovms_cc_library(
             ],
         }) + [
             "cpp_headers",
+            "libovms_shutdown_state",
             "ovms_header",
             "capi_backend_impl",
             "libovms_capi_servable_metadata",

src/pull_module/BUILD

@@ -45,6 +45,7 @@ ovms_cc_library(
     deps =  [
         "@libgit2_engine//:libgit2_engine",
         "@ovms//src:libovmslogging",
+        "@ovms//src:libovms_shutdown_state",
         "@ovms//src/filesystem:libovmsfilesystem",
         "@ovms//src/filesystem:libovmslocalfilesystem",
         "@ovms//src:libovmsstatus",