Pending RELEASE-NOTES for the upcoming release

This is work in progress and will change before the release goes public on 31st of March 2021.

Changes:

• curl: add --fail-with-body
• doh: add options to disable ssl verification
• http: add support to read and store the referrer header
• sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
• vtls: initial implementation of rustls backend

Bugfixes:

• asyn-ares: use consistent resolve error message
• BUG-BOUNTY: removed the cooperation mention
• build: delete unused feature guards
• build: fix --disable-dateparse
• build: fix --disable-http-auth
• ci: stop building on freebsd-12-1
• cmake: fix import library name for non-MS compiler on Windows
• cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
• configure: fail if --with-quiche is used and quiche isn't found
• configure: make hyper opt-in, and fail if missing
• curl_multibyte: always return a heap-allocated copy of string
• curl_multibyte: fall back to local code page stat/access on Windows
• curl_url_set.3: mention CURLU_PATH_AS_IS
• CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
• docs/Makefile.inc: format to be update-friendly
• docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
• docs: fix FILE example url in --metalink documentation
• doh: Fix sharing user's resolve list with DOH handles
• file: Support unicode urls on windows
• ftp: add 'list_only' to the transfer state struct
• ftp: add 'prefer_ascii' to the transfer state struct
• ftp: avoid SIZE when asking for a TYPE A file
• ftp: fix Codacy/cppcheck warning about null pointer arithmetic
• ftp: never set data->set.ftp_append outside setopt
• gnutls: assume nettle crypto support
• gskit: correct the gskit_send() prototype
• hostip: fix build with sync resolver
• hostip: fix crash in sync resolver builds that use DOH
• http: do not add a referrer header with empty value
• http: use credentials from transfer, not connection
• lib: remove 'conn->data' completely
• memdebug: close debug logfile explicitly on exit
• mingw: enable using strcasecmp()
• multi: do once-per-transfer inits in before_perform in DID state
• multi: rename the multi transfer states
• ngtcp2: adapt to the new recv_datagram callback
• ngtcp2: clarify calculation precedence
• OS400: update for CURLOPT_AWS_SIGV4
• parse_proxy: fix a memory leak in the OOM path
• quiche: fix build error: use 'int' for port number
• runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
• runtests.pl: add a -P option to specify an external proxy
• test1188: change error to check for: --fail HTTP status
• tests: disable .curlrc in more environments
• time: enable 64-bit time_t in supported mingw environments
• tool_help: add missing argument for --create-file-mode
• url.c: use consistent error message for failed resolve
• url: fix memory leak if OOM in the HSTS handling
• url: fix possible use-after-free in default protocol
• urldata: don't touch data->set.httpversion at run-time
• urldata: fix build without HTTP and MQTT
• urldata: make 'actions[]' use unsigned char instead of int
• urldata: remove the 'rtspversion' field
• urldata: remove the _ORIG suffix from string names
• wolfssl: don't store a NULL sessionid

Contributors:

Alex Xu, Amaury Denoyelle, arvids-kokins-bidstack on github, awesomenode on github, Benbuck Nason, Bodo Bergmann, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, David Demelier, David Goerger, Emil Engler, Fabian Keil, Firefox OS, Gisle Vanem, Gregor Jasny, Ikko Ashimine, Jack Boos Yu, Jacob Hoffman-Andrews, Jon Rumsey, Joseph Chen, Manuj Bhatia, Marcel Raad, Ray Satiro, Sergei Nikulov, Simon Josefsson, Stephan Szabo, Viktor Szakats, Vincent Torri, ZimCodes on github,