The first clang-tidy run on v0.7.0 reported 193 warnings, all from
one check: clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling.
That check flags snprintf, fprintf, memset, strncpy etc. and
recommends the C11 Annex K _s variants (snprintf_s, memset_s, ...).
Annex K is fundamentally not portable — glibc, musl, and MSVC all
either don't implement it or implement it incompletely. snprintf is
already bounds-checked via its size argument; this check is noise
rather than signal in any real C codebase.
Also pre-emptively disabling bugprone-easily-swappable-parameters
which fires on every small utility function taking 2+ same-typed
params (e.g. skeletonkey_host_kernel_at_least(host, major, minor,
patch)).
Everything else stays on. The next CI run will show whatever real
findings hid under the noise.
