Pending RELEASE-NOTES for the upcoming release

This is work in progress and will change before the release goes public on 9th of December 2020.

Changes:

• hsts: add experimental support for Strict-Transport-Security

Bugfixes:

• acinclude: detect manually set minimum macos/ipod version
• alt-svc: enable (in the build) by default
• alt-svc: minimize variable scope and avoid "DEAD_STORE"
• checksrc: warn on empty line before open brace
• CI/appveyor: disable test 571 in two cmake builds
• CI/azure: improve on flakiness by avoiding libtool wrappers
• CI/tests: enable test target on TravisCI for CMake builds
• CI/travis: add brotli and zstd to the libssh2 build
• cirrus: build with FreeBSD 12.2 in CirrusCI
• cmake: call the feature unixsockets without dash
• cmake: correctly handle linker flags for static libs
• cmake: don't pass -fvisibility=hidden to clang-cl on Windows
• cmake: make BUILD_TESTING dependent option
• cmake: make CURL_ZLIB a tri-state variable
• cmake: set the unicode feature in curl-config on Windows
• cmake: store IDN2 information in curl_config.h
• cmake: use libcurl.rc in all Windows builds
• configure: pass -pthread to Libs.private for pkg-config
• configure: use pkgconfig to find openSSL when cross-compiling
• connect: repair build without ipv6 availability
• curl.1: add an "OUTPUT" section at the top of the manpage
• curl.se: new home
• curl: add compatibility for Amiga and GCC 6.5
• curl: only warn not fail, if not finding the home dir
• curl_easy_escape: limit output string length to 3 * max input
• Curl_pgrsStartNow: init speed limit time stamps at start
• curl_url_set.3: fix typo in the RETURN VALUE section
• CURLOPT_DNS_USE_GLOBAL_CACHE.3: fix typo
• CURLOPT_HSTS.3: document the file format
• CURLOPT_NOBODY.3: fix typo
• CURLOPT_TCP_NODELAY.3: fix comment in example code
• CURLOPT_URL.3: clarify SCP/SFTP URLs are for uploads as well
• docs: document the 8MB input string limit
• docs: Fix various typos in documentation
• examples/httpput: remove use of CURLOPT_PUT
• FAQ: refreshed
• gnutls: fix memory leaks (certfields memory wasn't released)
• header.d: mention the "Transfer-Encoding: chunked" handling
• HISTORY: the new domain
• http3: fix two build errors, silence warnings
• http: pass correct header size to debug callback for chunked post
• http_proxy: use enum with state names for 'keepon'
• httpput-postfields.c: new example doing PUT with POSTFIELDS
• libssh2: fix build with disabled proxy support
• libssh2: fix transport over HTTPS proxy
• libssh2: require version 1.0 or later
• Makefile.m32: add support for HTTP/3 via ngtcp2+nghttp3
• mqttd: fclose test file when done
• ngtcp2: adapt to recent nghttp3 updates
• openssl: acknowledge SRP disabling in configure properly
• openssl: guard against OOM on context creation
• os400: Sync libcurl API options
• packages/OS400: make the source code-style compliant
• quiche: remove 'static' from local buffer
• range.d: clarify that curl will not parse multipart responses
• range.d: fix typo
• rtsp: error out on empty Session ID, unified the code
• rtsp: fixed Session ID comparison to refuse prefix
• rtsp: fixed the RTST Session ID mismatch in test 570
• runtests: return error if no tests ran
• runtests: revert the mistaken edit of $CURL
• runtests: show keywords when no tests ran
• src/tool_filetime: disable -Wformat on mingw for this file
• strerror: use 'const' as the string should never be modified
• test122[12]: remove these two tests
• tests/*server.py: close log file after each log line
• tests/server/tftpd.c: close upload file right after transfer
• tests: add missing global_init/cleanup calls
• tests: fix some http/2 tests for older versions of nghttpx
• tool_debug_cb: do not assume zero-terminated data
• tool_help: make "output" description less confusing
• tool_operate: --retry for HTTP 408 responses too
• tool_operate: bail out proper on errors during parallel transfers
• tool_operate: fix compiler warning when --libcurl is disabled
• travis: use ninja-build for CMake builds
• travis: use valgrind when running tests for debug builds
• urlapi: URL encode a '+' in the query part

Contributors:

Andreas Fischer, asavah on github, b9a1 on github, Baruch Siach, Basuke Suzuki, bobmitchell1956 on github, BrumBrum on hackerone, Cristian Morales Vega, Daniel Gustafsson, Daniel Stenberg, Dietmar Hauser, Dirk Wetter, Emil Engler, hamstergene on github, Harry Sintonen, Jakub Zakrzewski, Jeroen Ooms, Jon Rumsey, José Joaquín Atria, Kael1117 on github, Marcel Raad, Marc Hörsken, Marc Schlatter, Niranjan Hasabnis, nosajsnikta on github, Oliver Urbann, Philipp Klaus Krause, Ray Satiro, Rui LIU, Sergei Nikulov, Tobias Hieta, Tom G. Christensen, Viktor Szakats, Vincent Torri,