Add Assure() as a replacement for problematic Must() (#864)
The now-deprecated Must() has several interdependent flaws:
1. Must() logs at debug level 3, hiding some important bugs from humans.
2. Must() has been (ab)used for both checking code logic and validating
input, making purpose-specific implementation changes impractical.
3. Must() does not honor the standard NDEBUG macro, complicating runtime
cost assessment and surprising some developers that are used to that
standard assert() semantics.
The new Assure() is a throwing version of a POSIX assert(3):
* Meant for detecting Squid code logic bugs (not input validation).
* Informs admins about bugs by logging their info to cache.log.
* Completely disabled in NDEBUG builds.
* Kills the current component (e.g., a Squid-origin HTTP transaction).
The killed component boundary is essentially defined by the location of
the handling try/catch statement. Some Assure() failures will kill a
Squid process, but the throwing code should not worry (or even know)
about the catcher location and handling logic.
This change also optimizes the compiled Must()/Assure() caller code
size, which may help a bit with runtime performance: With the new
Assure()/Must() implementation approach, the total stripped Squid
executable size in one reasonable configuration goes down by 5%. For
comparison, removing all Must()s completely gives 6% size reduction.
Automatically replacing Must() calls with Assure() is not practical due
to the second flaw itemized above.