Co-authored-by: Markus Arians <markus.arians@andrena.de>

The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.

Closes #10124
Co-authored-by: Paul Schorfheide <pschorf2@gmail.com>
Co-authored-by: Alastair Rankine <alastair@girtby.net>

Environment variable EMACS was replaced by INSIDE_EMACS

In Ubuntu and Debian, in scp, and in rsync the prompt is by default specified as in

  user@hostname:/path/to/directory

while the previous title in ohmyzsh was

  user@hostname: /path/to/directory

Fixes #9295

Co-authored-by: Peter J. Schroeder <peterjschroeder@gmail.com>

DISABLE_UNTRACKED_FILES_DIRTY, DISABLE_AUTO_TITLE, GIT_STATUS_IGNORE_SUBMODULES are not set
Handle these variables not being set with conditional access.

If the user has set -u option to report attempts to use undeclared / unassigned variable, accessing the variables needs to be conditional.

`jobs %string` doesn't work correctly when run inside `$()`. `$jobstates` and
`$jobtexts` is available in the current shell process, so even though we need
to replicate a bit more logic, every type of `fg` invocation works correctly.

Apple's Terminal doesn't open a new tab in your current directory if your hostname has UTF-8 characters in it. Percent encoding the host in addition to the path in update_terminalapp_cwd appears to solve this issue.
Co-authored-by: Marc Cornellà <marc.cornella@live.com>

Use add-zsh-hook to add functions to hooks. That way they won't be added again
when doing `source ~/.zshrc` multiple times.
Co-authored-by: Marc Cornellà <marc.cornella@live.com>

* use https everywhere

* use https links on the files that are left

Also, removed some broken links and updated redirections.

Currently, the title is only set on supported terminals (i.e. xterm,
urxvt, screen etc.). Using terminfo entries to set the terminal title
adds support for many more terminals.

This prevents it from malfunctioning when `setopt prompt_subst` is off.

Add support for variant "utf8" locale suffix spelling. Fix dumb bug in iconv call that would cause it to hang.

For unspecified encodings, assume it's UTF-8 or compatible (e.g. ASCII) and muddle through without character encoding conversion.

In termsupport, use LC_CTYPE instead of LANG to enable byte-by-byte text processing. LANG doesn't seem to actually work.

Remove terminalapp plugin and fold its implementation in to lib/termsupport.zsh. Replaces the redundant Terminal.app support that was recently added to termsupport.