It was suggested in IRC that people disabling the reporting of unstructed hgrc
files can masquerade as problems. This makes sure untrusted hgrc files are
always reported if --debug is used.
The fstat function was undefined, but never used since a stat object
was always passed in the optional st argument. Passing st is now
mandatory.
This bug crept in when util was split up into posix and windows
modules. The fstat function is still defined in util, but importing it
into posix would create an import cycle which seems unnecessary.
This untrusted configparser is a superset of the trusted configparser,
so that interpolation still works.
Also add an "untrusted" argument to ui.config* to allow querying
ui.ucdata.
With --debug, we print a warning when we read an untrusted config
file, and when we try to access a trusted setting that has one value
in the trusted configparser and another in the untrusted configparser.
The list of trusted users and groups is specified in the [trusted]
section of a hgrc; the current user is always trusted; "*" can be
used to trust all users/groups.
Global hgrc files are always read.
On Windows (and other systems that don't have the pwd and grp modules),
all .hg/hgrc files are read.
This is essentially the same patch that was previously applied as
revision f077d29b114d.