* rename method checking that free write claims are available
* use package-level variables for claim errors
* semgrep fix for testify

The volumewatcher test incorrectly represents the change in attachment
and access modes introduced in Nomad 1.1.0 to support volume
creation. This leads to a test that happens to pass but only
accidentally.

Update the test to correctly represent the volume modes set by the
existing claims on the test volumes.

Adding link to interview form

In PR #11892 we updated the `csi_hook` to unmount the volume locally
via the CSI node RPCs before releasing the claim from the server. The
timer for this hook was initialized with the retry time, forcing us to
wait 1s before making the first unmount RPC calls.

Use the new helper for timers to ensure we clean up the timer nicely.

core: remove all traces of unused protocol version

Nomad inherited protocol version numbering configuration from Consul and
Serf, but unlike those projects Nomad has never used it. Nomad's
`protocol_version` has always been `1`.

While the code is effectively unused and therefore poses no runtime
risks to leave, I felt like removing it was best because:

1. Nomad's RPC subsystem has been able to evolve extensively without
   needing to increment the version number.
2. Nomad's HTTP API has evolved extensively without increment
   `API{Major,Minor}Version`. If we want to version the HTTP API in the
   future, I doubt this is the mechanism we would choose.
3. The presence of the `server.protocol_version` configuration
   parameter is confusing since `server.raft_protocol` *is* an important
   parameter for operators to consider. Even more confusing is that
   there is a distinct Serf protocol version which is included in `nomad
   server members` output under the heading `Protocol`. `raft_protocol`
   is the...

connect: write envoy bootstrap debugging info

connect: bootstrap envoy using -proxy-id

This PR modifies the Consul CLI arguments used to bootstrap envoy for
Connect sidecars to make use of '-proxy-id' instead of '-sidecar-for'.

Nomad registers the sidecar service, so we know what ID it has. The
'-sidecar-for' was intended for use when you only know the name of the
service for which the sidecar is being created.

The improvement here is that using '-proxy-id' does not require an underlying
request for listing Consul services. This will make make the interaction
between Nomad and Consul more efficient.

Closes #10452

When Consul Connect just works, it's wonderful. When it doesn't work it
can be exceeding difficult to debug: operators have to check task
events, Nomad logs, Consul logs, Consul APIs, and even then critical
information is missing.

Using Consul to generate a bootstrap config for Envoy is notoriously
difficult. Nomad doesn't even log stderr, so operators are left trying
to piece together what went wrong.

This patch attempts to provide *maximal* context which unfortunately
includes secrets. **Secrets are always restricted to the secrets/
directory.** This makes debugging a little harder, but allows operators
to know exactly what operation Nomad was trying to perform.

What's added:

- stderr is sent to alloc/logs/envoy_bootstrap.stderr.0
- the CLI is written to secrets/.envoy_bootstrap.cmd
- the environment is written to secrets/.envoy_bootstrap.env as JSON

Accessing this information is unfortunately awkward:
```
nomad alloc exec -task connect-proxy-count-countdash b36a cat secrets/.envoy_bootstrap.env
nomad alloc exec -task connect-proxy-count-countdash b36a cat secrets/.envoy_bootstrap.cmd
nomad alloc fs b36a alloc/logs/envoy_bootstrap.stderr.0
```

The above assumes an alloc id that starts with `b36a` and a Connect
sidecar proxy for a service named `count-countdash`.

If the alloc is unable to start successfully, the debugging files are
only accessible from the host filesystem.

deps: upgrade hashicorp/raft to v1.3.5

build: BIN value must use single-path GOPATH value

namespace refactoring

When GOBIN is not set, BIN must be set to the single-path workaround
value of GOPATH, because Circle.

URLs have changed - tests need to reflect that.

* change the breadcrumbs generation to use `idWithNamespace`
* adapt tests to reflect new URLs for jobs with namespaces

We need to change the way we access `JobDetail`-pages based on recent
namespace changes.

We need to access job-details differently when they have a namespace
due to recent namespace changes - we need to make the tests reflect
that.

There is no need to check the namespace query-param anymore with
`urlWithNamespace` but some tests still are using this. We refactor
the tests to be less clever and check the URL in a more manual approach
by explicitly defining how the URL should look like if a job belongs
to a namespace.

Recent changes changed the behavior of not adding the `@default`
-namespace - we need to adapt the tests accordingly

Default namespaced jobs don't append the `@default`-id anymore due
to recent `jobs.job#serialize` changes.

build: respect GOBIN when using make targets

This PR updates GNUMakefile to respect $GOBIN if it is set in the
environment or via an $GOENV file. Previously we hard-coded the output
to $GOPATH/bin, which is not necessarily the desired behavior.

* less clever™ metaprogramming when checking for expectedURL
* clicking slices job-client-status-summary needs to change its
  behavior and not pass the namespace query-param anymore.

The new ID handling gives us this behavior for free and we don't need
to drill the namespace down through all the route-layers anymore.

This will give us 'correct' URLs for free when we only pass a `job`-model
to a `LinkTo` that links to the `jobs.job.*`-routes.

We need to adapt the test due to recent namespace changes.