transfer.timeout: Support configurable timeouts for dead clients

Broken (or simply evil) clients can open a command and hang forever,
without exchanging packets with us.  These connections consume a work
thread from the thread pool, and tie up server memory that could be
used to assist another client.  By configuring transfer.timeout in
gerrit.config a site administrator can now limit how long their
server will wait for a single IO operation to complete before
disconnecting a client with a timeout error.

The timeout is currently disabled by default because it requires
spinning up (and tearing down) a thread for each command executed.
The thread exists only to count-down the timeout period and interrupt
the blocked IO operation on the real work thread.  Hopefully we can
modify JGit to either support non-blocking, asynchronous IO here,
or to permit using timer thread pools, to reduce the thread overhead
involved with setting up a timeout for a network socket.

Change-Id: Ic1608d4905082bb0639c2a0b35fd3bd9a6fccd43
Signed-off-by: Shawn O. Pearce <sop@google.com>

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java

@@ -81,6 +81,7 @@ public class SshModule extends FactoryModule {
     bind(PublickeyAuthenticator.class).to(DatabasePubKeyAuth.class);
     bind(PasswordAuthenticator.class).to(DatabasePasswordAuth.class);
     bind(KeyPairProvider.class).toProvider(HostKeyProvider.class).in(SINGLETON);
+    bind(TransferConfig.class);
 
     install(new DefaultCommandModule());