Add SSH transport support

[Soph]

Summary

Adds SSH transport support to git-sync using the local ssh binary.

This replaces the stalled SSH draft with a fresh implementation from current main.

What changed

• extract a transport interface and rename the existing HTTP transport to HTTPConn
• add SSHConn using one ssh process per logical RPC
• support ssh://, SCP-style git@host:path.git, and git+ssh:// remotes
• honor SSH config-driven user/key behavior by not forcing a default git@ user
• fail early with a clear error when ssh is not available on PATH
• warn explicitly that --progress / --stats do not yet expose byte-counted SSH throughput
• document SSH support and its current caveats

Implementation notes

The key transport fix versus the old draft is per-RPC execution. git-sync makes multiple logical RPCs per endpoint in normal flows, especially under protocol v2 and batching, so a single long-lived SSH process is the wrong model.

Each RequestInfoRefs / PostRPCStreamBody call now shells out independently via exec.CommandContext, which also fixes the earlier context-handling and stderr-race issues.

The SSH transport trims the leading advertised-refs section emitted by fresh upload-pack / receive-pack invocations before exposing the actual command stream.

Tests

Added and updated coverage for:

• transport seam refactor across gitproto, strategies, and syncer
• SSH command construction for URL forms, ports, and ~-prefixed SCP paths
• repeated SSH RPC calls on the same logical endpoint
• SSH cancellation behavior for both discovery and stream RPCs
• end-to-end sync over an SSH shim using real git-upload-pack / git-receive-pack

Verified locally with:

• go test ./internal/gitproto ./internal/syncer -run 'TestSSHConn|TestRun_IntegrationSyncOverSSHShimV2|TestSSHStatsWarning' -count=1
• go test ./internal/gitproto ./internal/strategy/... ./internal/syncer -run '^$'

Remaining caveat

SSH sync works, but --progress and --stats currently omit byte-counted SSH transfer throughput. The PR warns explicitly rather than silently reporting misleading zero-byte stats.

Closes #36

---

Note

Medium Risk
Adds a new SSH transport and refactors core fetch/push/session plumbing to use an interface-based connection, which touches critical sync paths and could affect remote compatibility and error handling across both HTTP and SSH.

Overview
git-sync now supports SSH remotes by introducing a transport-agnostic gitproto.Conn interface, renaming the existing smart-HTTP transport to HTTPConn, and adding a new SSHConn that shells out to the local ssh binary per RPC (discovery and streaming RPCs).

Core fetch/push/refs code and all strategies (bootstrap, incremental, replicate, materialized) are updated to accept Conn instead of *Conn, with progress output routed via Conn.ProgressWriter() and session teardown now calling Conn.Close().

The CLI/session layer (syncer) now detects ssh/git+ssh (and SCP-style) URLs to build SSHConn, prints a warning that --progress/--stats omit SSH byte throughput, and docs/tests are updated with SSH usage notes plus unit and integration coverage for SSH invocation, context cancellation, and end-to-end sync over an SSH shim.

^{Reviewed by Cursor Bugbot for commit ceeddf9. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit ceeddf9. Configure here.}

[nodo]

LGTM, just added a minor comment, not a blocker.

[nodo]

🤔 not a blocker, but I wonder if we could do a pass and handle these better. e.g. is this specific to github?