Memory safety and security fixes

Reduce the use of unsafe swift constructs in favour of ones that
are memory safe. In the HTTP client remove the use of the unsafe
mutable pointer in favour of direct Data conversion before writing
the downloaded file to disk.

Upgrade the version of libarchive to 3.7.4, which includes some
security fixes that could have an impact on swiftly.

Revert the changes to the SwiftlyHTTPClient that changed it to
use the shared async HTTPClient. That broke the interactions with
the GitHub REST API's.

Author: cmcgee1024

Sources/SwiftlyCore/HTTPClient.swift

@@ -166,9 +166,7 @@ public struct SwiftlyHTTPClient {
         for try await buffer in response.body {
             receivedBytes += buffer.readableBytes
 
-            try buffer.withUnsafeReadableBytes { bufferPtr in
-                try fileHandle.write(contentsOf: bufferPtr)
-            }
+            try fileHandle.write(contentsOf: buffer.readableBytesView)
 
             let now = Date()
             if let reportProgress, lastUpdate.distance(to: now) > 0.25 || receivedBytes == expectedBytes {
@@ -185,5 +183,9 @@ public struct SwiftlyHTTPClient {
 }
 
 private class HTTPClientWrapper {
-    fileprivate let inner = HTTPClient.shared
+    fileprivate let inner = HTTPClient(eventLoopGroupProvider: .singleton)
+
+    deinit {
+        try? self.inner.syncShutdown()
+    }
 }

scripts/install-libarchive.sh

@@ -3,7 +3,7 @@
 set -o errexit
 
 # TODO detect platform
-LIBARCHIVE_VERSION=3.6.1
+LIBARCHIVE_VERSION=3.7.4
 
 mkdir /tmp/archive-build
 pushd /tmp/archive-build