Tags: devdoshi/zap
__BUGFIX: setCookie() with path and/or domain__

A bug in facil.io accidentally overwrote parts of the cookie header with spaces. If a path but no domain was specified, `path` would be overwritten to ` ath`, leading to the impression that the path would be ignored by zap. If both domain and path were specified, `domain` would become ` main`, but the path part would come later and escape the overwriting. My latest patch to facil.io corrects this behavior. Hence, the update.

__Weird setCookie() release build bug__

This is a bugfix release. I noticed that `setCookie()` would always return an error in release builds. In trying to debug what is going on, I captured the return value of the internal `http_set_cookie` call in a variable, so I could check AND log it - instead of just checking `if(http_set_cookie() == -1)`. Strangely enough, the bug disappeared. Without further examination, this seems like a bug in the current zig compiler.

__Zig Standard Library `snek_case` rename catch-up__

The zig standard library is under `snek_case` attack! Every now and then a commit lands that introduces some new renames, with the odd move into another part of the standard library. Current example: `std.debug.TTY` has been renamed to `std.io.tty`, which affects `zap.SimpleRequest.sendError()`. Another change that only affects tooling (pkghash, announceybot) is lower-casing of enums like `std.fs.IterableDir.Entry.Kind` and its children. They have been renamed to `kind`, `.file`, `.dir`, etc.

So, long story short: if you don't use `sendError()` with latest zig master, no need to update. Yet 😊...

__UserPassSessionAuth: ephemeral session tokens__

The UserPassSessionAuth now adds the current timestamp in nanoseconds to the hasher. -> Every successful login will create its own session cookie. A leaked cookie is pretty worthless now (unless an attacker can grab and use it in the same browser session).

__**Stopping ZAP & Memory Fixes**__

- `UserPassSessionAuth` didn't clean up properly. On top of that, the way it was implemented made it complicated to free tokens that were created at /login time but in the map of allowed tokens already. This is now fixed. The example even shows how to scope your main function and call the `gpa.detectLeaks()` directly, which is the way to go if you call `zap.stop()`.
- `zap.stop()` introduced. Execution of the main thread continues past the `zap.start()` call.

In other news, the `build.zig` script now exposes a single `zig build test` target that can be used to run all tests in one go. ZAP is a good zig build citizen now 😊.

**In ZIG news**: the TLS errors are back. I'm in contact with Andrew about that. Once ziglang/zig#15194 is implemented, I'll see proper backtraces in the CI when building ZAP. The backtraces should help getting the TLS issues fixed.

This is an interim release which only updates to the latest infrastructure of the CI. No user-facing changes in ZAP.

This marks the 0.1.0-pre release of ZAP!

- From now on, I'll use simple vX.Y.Z-pre for pre-releases of ZAP.
- The GitHub releases are auto-generated by a GitHub action.
- The first version of the Discord announceybot informs the #announcement channel about new releases.
- The README gets auto-updated with the correct `build.zig.zon` instructions.

**New Feature: Error Trace Responses!** You can now call `r.sendError(err, status_code)` when you catch an error and a stack trace is returned to the client / browser. This is a first-cut implementation of the feature. It does not yet honor accept headers, for example, and just returns plain text. The README points to a small example.

_Random stuff_: At some stage I'll just rewrite announceybot in Zig, and have it cover all tasks that are now spread in various python scripts. It's just less hassle when you know the static executable is built, only a few kB in size so it can actually be checked into the git repository if it needs to, and no GitHub / python package configuration can make it "un-work" 😊. It's self-contained.

In accordance with the above thoughts, I added a ReleaseSmall static version of the `pkghash` tool into the repo, so the GH actions can use it w/o needing to build it first. It's 55kB in size so I think that's OK.