refactor(bare): enhance security and performance optimizations

- Remove unnecessary sorting in advertise_refs for deterministic output
- Add path traversal detection and validation in bare_dir construction
- Implement symlink resolution checks to prevent security vulnerabilities
- Refactor cache system with CRC validation and improved metrics
- Integrate repo-specific cache invalidation using indexed keys
- Add comprehensive unit tests for commit operations and diff functionality
- Move configuration constants to centralized config module
- Optimize string operations in disk cache random value generation
- Enhance license detection algorithm with cleaner matching logic
- Streamline argument processing in various git operations
- Update dependencies including crc32fast and flate2 for performance
- Add signal handling capability to tokio runtime configuration
zhenyi
2026-06-12 15:04:12 +08:00
parent e386f44ee2
commit 10a4398e81
41 changed files with 1373 additions and 365 deletions
-3
@@ -20,7 +20,6 @@ impl GitBare {
let (tx, rx) = tokio::sync::mpsc::channel(16);
// Validate revision before spawning (cannot use ? inside spawn_blocking closure)
let revision = match request.treeish.and_then(|s| s.selector) {
Some(object_selector::Selector::Oid(oid)) => {
crate::sanitize::validate_oid_hex(&oid.hex)
@@ -45,7 +44,6 @@ impl GitBare {
.map_err(|e| tonic::Status::invalid_argument(e.to_string()))?;
}
// Spawn the blocking git subprocess in a dedicated thread
tokio::task::spawn_blocking(move || {
let format = archive_options::Format::try_from(options.format)
.unwrap_or(archive_options::Format::ArchiveFormatTar);
@@ -89,7 +87,6 @@ impl GitBare {
}
};
// Read stdout in 64KB chunks and stream them
use std::io::Read;
let mut reader = std::io::BufReader::new(stdout);
let mut buf = vec![0u8; 65536];