Chore(deps): bump deps

- Bump golangci-lint to v1.43.0 (fixing a typo)
- Update golangci-lint configs for v1.43.0
- Bump the go toolchain used in CI to 1.17.3
- Bump go-internal and /x/sys to the latest commits
Chore(lint): update/pin golangci-lint to v1.43.0

Update golangci-lint's configs for the new golangci-lint 1.43.0,
featuring two new linters.

The parent commit e561b8675a43d8a9030719a1329898692a2300a7 ensured
compliance with the new varnamelen linter.
Chore(style): more descriptive varnames

Some varnames had confusing names, which were enough to confuse the
maintainer after a couple weeks away from the project. The varnamelen
linter recently introduced to golangci-lint helped pinpoint
non-descriptive names used across a nontrivial number of lines.

Single-letter names used across fewer than 5 lines are fine, though.
Fix some spelling mistakes

"liklihood" -> "likelihood"
"alculate" -> "calculate"
Refactor: move grapheme logic to shared file

Forgot to format the grandparent commit; clean up import-order,
whitespace, etc. The complexity of main1() grew a bit and the grapheme
handling was repetitive, so moved it to the shared internal/cli subpkg.
Test(CLI): add tests for grapheme clustering

Add testscripts for uniseg-based grapheme cluster detection + warning.
This also involved following the process for adding a new dependency:
added it go.mod, go.sum, and .go-arch-lint.yml.

Also updated SECURITY.md documentation to remove now-outdated info
regarding 3p deps.
CLI: warn if grapheme clusters are detected

The uniseg package was used to detect grapheme clusters, because it is
the only one which supports it at the moment.

[Ticket: 19]
Chore(CI): fix OpenBSD build flags

OpenBSD's ubsan doesn't seem to be working; remove it for now. Any
undefined behavior would probably be unavoidable anyway, as it's
probably just from the go stdlib.
Chore(deps): bump deps

- Support golangci-lint with gocritic v0.6.0
- Bump golang.org/x/sys to latest commit
Doc: document more security requirements

Just some clarifications to the project's security requirements, no new
information or major changes.

- Use some better terminology when describing test types.
- Nits: grammar fixes, minor clarifications.
Doc(README): add more alternatives

- Group alternatives by scope (pwgen, password analysis, both).
- Add alternatives: pass-checker, repassgen, and my own genpw.
Chore(CI): use Go 1.17.2

Download and use the Go 1.17.2 toolchain for glibc-based builds in CI.
Used to be 1.17.1.
Feat(CLI): allow setting guesses-per-sec

Add a CLI flag -G to set guesses-per-second.

This obviously required updating flag parsing, manpages, and CLi
testscript scenarios.

In addition, GuessesPerSecond had to be checked for validity (i.e. it
couldn't be negative); this added to the checking of CLI error messages.

Also edited error strings that generated said error messages to remove
single quotes since testscript doesn't like them and "cannot" is cleaner
than "can't" with a bunch of escapes.
Test: ensure GenPW panics properly w/o crypto/rand

Run a test that temporarily breaks crypto/rand and ensures that GenPW
panics without a CSPRNG. Also check that the logged message is correct.

This uses an approach borrowed from gopass:
Refactor: remove impossible/unnecessary panics

Remove impossible and unnecessary panics in givens.go; these checked for
impossible situations that are now accounted for and tested. For
instance, one check ensured that energy was never zero, but since then
givens is guaranteed to set energy to a nonzero value or error

Re-ordered the functions to follow a more logical flow.
Test: add test case for custom guesses-per-second

Since I'm about to add functionality to the CLI to specify a custom
number of guesses per second, it seemed appropriate to test this
functionality in the library first. Surprisingly, a custom
guesses-per-second was never accounted for until now.

When I add the ability to specify custom guesses-per-second on the CLI,
the corresponding scenario test can re-use these values.
Fix: remove ineffective code (from mutesting)

Mutation testing revealed some code to have no effect; remove it.
Further testing showed that some code intended to improve performance
(e.g. exiting loops early) did absolutely nothing.

One of these changes made the computation of guesses-per-second in
Givens.Populate() mirror everything else that used setBottleneck; since
everything else had been moved to its own function, do the same for
Test: add stress test for long pw

Add a test case for generating a super long password whose length is the
output of getLoops squared. Could be useful for detecting crashes, esp.
with CGO+sanitizers enabled.

Since this new case along with the previous empty-charset case aren't
part of the other pairwise pwgen test tables, move them to their own
Doc: add more project requirements

- Add SECURITY.md to list the project's security requirements
- Update the contribution guidelines/requirements in CONTRIBUTING.md
  with a reference to the new SECURITY.md
- Explicitly set shfmt formatting flags to meet portability
Chore(style): remove unnecessary "else" statements

Remove unnecessary "else" statements, replacing them with early exits if
appropriate. This keeps  the code simpler and flatter, and also neatly
separates a "normal" flow from a "special-case" flow.