Also refactor audit cops into two "departments"
 - FormulaAudit
 - FormulaAuditStrict

There's been an informal ban for a while but let's
be punchier because this crops up still.

Make sure that `if build.with?` isn't caught.

When auditing new formulae without `--new-formula` the
`audit_revision_and_version_scheme` method fails ungracefully. Instead,
set some better defaults so fewer checks are needed.

Fixes #2551.

This was removed in #2540 but this call site was note updated to use
the `search_taps` method instead.

Another attempt at fixing `brew audit` issues around detecting
`revision` and `version_scheme` changes correctly. First done in #1754
and #2086 (reverted in #2099 and #2100).

To ease future debugging a `ph` helper has been added to print a hash
and a series of RSpec tests to verify that the `revision`,
`version_scheme` and `version` formula version audits behave as
expected.

Fixes #1731.

Now that both the primary and mirror URLs use HTTPS we can flip these
around so the primary URL is the primary URL and we don't have problems
with waiting for mirror propagation.

This means that if e.g. the unversioned formulae exists in another tap
this audit won't produce a false positive.

Option dependencies are nasty as they cause unnecessary builds from
source.

We may under some circumstances accept these anyway but it's better to
nudge people into the right behaviours on local `audit`s.

Add `--only` and `--except` methods which can be used to selectively
enable or disable audit groups.

As requested in #11462 by @neutric as this produces confusing,
incorrect output.

Make `brew audit` complain about language module requirements because
they provide a crappy user experience compared to vendoring and we’re
not really fixing bugs in them any more.

Also check for `ENV.universal_binary` and `build.universal?`. The prior
is still required for `wine` and the latter should never be required any
longer.

Was missing a formula object being passed.

Additionally, ignore the cctools formula itself, since it obviously
needs to check cctools invocations.

If we're adding a versioned formulae we want to ensure that there's also
an unversioned one too.

This will allow extending this class so it can be used by more than
just blacklisting.

This has known issues with our `ghostscript` formula, we can't test it
on CI and is a ludicrously heavy dependency that in many cases can be
avoided by upstream providing prebuilt documentation.

Provide a gentle nudge to users to check if these dependencies are
definitely required.

Previously, the http_content_headers_and_checksum method always
downloaded the entire url, including headers. These downloads
periodically hang, outputting false positives or wreaking havoc on
the CI. Therefore, use curl's --max-time arg to prevent this by
setting a hard limit of 600 seconds when the entire file is going
to be used to detect whether the url can be changed to use the HTTPS
protocol instead of HTTP. Otherwise, if the url already is HTTPS, limit
the download time to 25 seconds since only the headers, not contents, matter.

this is necessary because they install conflicting scripts into
HOMEBREW_PREFIX/etc/profile.d

Add exceptions for node@* versioned formulae to use conflicts_with
instead of keg_only :versioned_formula since they, and the main node
formula, all currently overwrite npm during postinstall.

The system Subversion doesn't handle new certificate authorities (e.g.
Let's Encrypt) well enough for this check to be useful.

A `brew mirror`ed URL is usually not yet reachable at the time of pull request.

Many parts of Homebrew assume that a version string beginning with
"HEAD" is, in fact, a head build. A stable version that begins with
"HEAD" violates this assumption and causes problems, as it's treated
as a head build in some places and as a stable build in others.