Comparing changes
base repository: ClickHouse/pg_clickhouse
base: v0.1.4
head repository: ClickHouse/pg_clickhouse
compare: v0.1.5
  • 8 commits
  • 29 files changed
  • 3 contributors

Commits on Feb 24, 2026

  1. e3b4ee0
  2. 8536a79

Commits on Feb 26, 2026

  1. Merge pull request #153 from ClickHouse/fix-oob-parsing

    Fix parsing ClickHouse string with \ at end
    serprex authored Feb 26, 2026
    b4cca8b
  2. Merge pull request #154 from ClickHouse/fix-allocation-failure-handling

    Detect allocation failure & abort curl write in that circumstance
    serprex authored Feb 26, 2026
    0d84889

Commits on Feb 27, 2026

  1. Prevent line endings in http dbname header

    ClickHouse database names are allowed to contain line ending characters
    (`\n` and `\r`). But we cannot allow them for HTTP connections because
    we specify the database name via the `X-ClickHouse-Database` header, and
    newlines could allow unexpected headers to be injected into the request.
    For example, this query:
    
        SELECT clickhouse_raw_query(
            'SELECT 1',
            E'dbname=''default\r\nX-My-Header: 123'''
        );
    
    Would send a request with these headers:
    
        X-ClickHouse-Database: default
        X-My-Header: 123
    
    So add a check for line ending bytes to `chfdw_http_connect()` and raise
    an exception if any are found. This check also prevents the injection
    via the database name from `CREATE SERVER`:
    
        CREATE SERVER dr_evil FOREIGN DATA WRAPPER clickhouse_fdw
        OPTIONS(dbname E'default\r\nX-My-Header: 123');
    
    Add tests for both these cases. Test only with `\r\n` and not `\r` or
    `\n` alone because the ClickHouse API interface does not currently
    return an error response for malformed headers
    (ClickHouse/ClickHouse#98250).
    
    While at it, update to test ClickHouse 26.2, which notably removes a
    period from the end of an authentication error message. Rejigger the
    `binary_queries` test results to compensate. Also add a missing
    Changelog item for the security fix back in v0.1.1.
    theory committed Feb 27, 2026
    7f82a99
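
The check described in the commit message above, as an added example that is not code from pg_clickhouse: a database name is refused if it contains `\r` or `\n` before it is formatted into the `X-ClickHouse-Database` header. `build_db_header`, `count_header_lines`, the status codes and the buffer size are hypothetical names chosen for this sketch.

```c
#include <stdio.h>
#include <string.h>

enum { HDR_OK = 0, HDR_LINE_ENDING = -1, HDR_TOO_LONG = -2 };

/* Count the header lines a receiver would see in a formatted header block. */
static int
count_header_lines(const char *headers)
{
    int lines = 0;

    while (*headers != '\0')
    {
        size_t len = strcspn(headers, "\r\n");

        if (len > 0)
            lines++;
        headers += len;
        if (headers[0] == '\r' && headers[1] == '\n')
            headers += 2;
        else if (headers[0] != '\0')
            headers++;
    }
    return lines;
}

/* Hypothetical helper, not the project's chfdw_http_connect(). */
static int
build_db_header(char *out, size_t outlen, const char *dbname)
{
    int n;

    if (strpbrk(dbname, "\r\n") != NULL)
        return HDR_LINE_ENDING;     /* refuse before anything is formatted */
    n = snprintf(out, outlen, "X-ClickHouse-Database: %s", dbname);
    return (n < 0 || (size_t) n >= outlen) ? HDR_TOO_LONG : HDR_OK;
}

int main(void)
{
    const char *dbname = "default\r\nX-My-Header: 123"; /* value from the commit message */
    char buf[128];

    snprintf(buf, sizeof(buf), "X-ClickHouse-Database: %s", dbname);
    printf("unchecked: %d header lines\n", count_header_lines(buf));
    printf("checked:   status %d\n", build_db_header(buf, sizeof(buf), dbname));
    return 0;
}
```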

Commits on Mar 10, 2026

  1. 96877d6

Commits on Mar 20, 2026

  1. Increment to v0.1.5, update ClickHouse versions

    And prep changelog for release.
    theory committed Mar 20, 2026
    540d596
  2. Fix CollapsingMergeTree injection vulnerability

    The parsing of the argument to the `engine CollapsingMergeTree` option
    in `CREATE FOREIGN TABLE` was not validated and appended to queries
    verbatim. This could allow one to execute very small additional queries
    that, over time, could expose data from tables other than the table for
    which the foreign table was created.
    
    Passing anything other than a column name is deprecated syntax, and
    since the behavior of the `CollapsingMergeTree` option was never
    documented for pg_clickhouse, refactor the code to require a single,
    possibly quoted, identifier. Allow an unquoted identifier to be no
    longer than a Postgres identifier (63 characters, internally 64 with
    null byte) and a quoted identifier to be double length (127 characters,
    internally 128 with null byte).
    
    Remove setting the parameter to "sign" when there is no parameter.
    ClickHouse requires a parameter, and its name in the docs is "sign", but
    that's not its value unless the column it identifies has that name.
    
    Add the `ch_quote_ident` function, which simply returns a valid
    already-quoted identifier and otherwise uses PostgreSQL's
    `quote_identifier()` to quote the identifier. It raises an exception if
    the identifier's length is zero or greater than 63 unquoted or greater
    than 127 quoted. ClickHouse allows much longer identifiers, but Postgres
    does not. It does validate that any quote characters within the quoted
    string are properly escaped in order to avoid quoted SQL injection
    shenanigans.
    
    Remove the unused `signfield` field from the `CHFdwRelationInfo` struct.
    The code was copying the `CollapsingMergeTree` parameter to this field
    and doing nothing with it, which caused some confusion by triggering
    `PortalContext: detected write past chunk end in block` warnings when
    the `CollapsingMergeTree` parameter was longer.
    
    Add tests that, previous to this fix, demonstrated the injections, and
    now of course do not. Use a `DO` statement and `LIKE` expressions to
    evaluate the successful elimination of the injection, because the error
    format changed between ClickHouse 24.3 and 24.8, and this allows us to
    have just a single expected output file. The tests also demonstrate
    quotation validation and `quote_identifier()` behavior and length
    validation.
    theory committed Mar 20, 2026
    9b10133
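
The identifier rules stated in the commit message above, as an added stand-alone sketch that is not the project's `ch_quote_ident`: the function name `quote_ident_checked` is hypothetical, and the sketch assumes double quotes escaped by doubling and a quoted length counted with its surrounding quotes. Unlike PostgreSQL's `quote_identifier()`, it always quotes unquoted input.

```c
#include <stdio.h>
#include <string.h>

#define MAX_UNQUOTED 63   /* limits stated in the commit message */
#define MAX_QUOTED   127  /* assumption: counted with the surrounding quotes */
/* Hypothetical stand-in, not the project's ch_quote_ident().
 * Returns 0 and writes a double-quoted identifier to out, or -1 to reject. */
static int
quote_ident_checked(const char *in, char *out, size_t outlen)
{
    size_t len = strlen(in), i, o = 0;
    if (len == 0)
        return -1;
    if (in[0] == '"')
    {
        /* Already quoted: check limits, the closing quote, and escaping. */
        if (len < 3 || len > MAX_QUOTED || len >= outlen || in[len - 1] != '"')
            return -1;
        for (i = 1; i < len - 1; i++)
        {
            if (in[i] != '"')
                continue;
            if (i + 2 >= len || in[i + 1] != '"')
                return -1;      /* lone quote would close the identifier early */
            i++;                /* skip the second half of the "" pair */
        }
        memcpy(out, in, len + 1);
        return 0;
    }
    if (len > MAX_UNQUOTED || 2 * len + 3 > outlen)
        return -1;
    out[o++] = '"';
    for (i = 0; i < len; i++)
    {
        if (in[i] == '"')
            out[o++] = '"';     /* double embedded quotes */
        out[o++] = in[i];
    }
    out[o++] = '"';
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char out[130];
    printf("%d %s\n", quote_ident_checked("sign", out, sizeof(out)), out);
    return quote_ident_checked("\"x\" UNION \"", out, sizeof(out)) == -1 ? 0 : 1;
}
```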