build: disable typecheck for analyzers and Fil-C

- cmake: automatically disable typecheck when running clang-tidy,
  to avoid possible interference, and to improve performance.

- INSTALL-CMAKE: document both this, and unity=off for clang-tidy.

- GHA/linux: disable for some static analyzers CI jobs to avoid possible
  interference.

- GHA/linux: disable in Fil-C job to improve build performance.

Follow-up to 9e6f1c5efb #19637
Follow-up to fd2ca2399e #17955

Closes #19941

.github/workflows/linux.yml

@@ -226,7 +226,7 @@ jobs:
             CC: /home/runner/filc/build/bin/filcc
             PKG_CONFIG_PATH: /home/runner/nghttp2/lib/pkgconfig
             generate: >-
-              -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=OFF
+              -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
               -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_LIBPSL=OFF
               -DCURL_ZLIB=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
               -DCURL_DISABLE_LDAP=ON -DUSE_LIBIDN2=OFF -DCURL_USE_LIBSSH2=OFF
@@ -241,7 +241,7 @@ jobs:
             configure: >-
               --with-wolfssl=/home/runner/wolfssl-opensslextra --with-openssl --with-rustls --with-mbedtls=/home/runner/mbedtls --with-gnutls --with-libgsasl
               --with-librtmp --with-libssh2 --with-libidn2
-              --enable-ech --with-gssapi --enable-ssls-export
+              --enable-ech --with-gssapi --enable-ssls-export --disable-typecheck
 
           - name: 'scan-build'
             install_packages: clang-tools clang libssl-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev libgss-dev librtmp-dev libgnutls28-dev
@@ -256,7 +256,7 @@ jobs:
               --with-wolfssl=/home/runner/wolfssl-opensslextra --with-openssl --with-rustls --with-mbedtls=/home/runner/mbedtls --with-gnutls --with-libgsasl
               --with-librtmp --with-libssh2 --with-libidn2
               --enable-ech --with-gssapi --enable-ssls-export
-              --disable-debug --disable-unity
+              --disable-debug --disable-unity --disable-typecheck
 
           - name: 'scan-build H3 c-ares'
             install_packages: clang-tools clang libidn2-dev libnghttp2-dev
@@ -270,7 +270,7 @@ jobs:
             configure: >-
               --with-openssl=/home/linuxbrew/.linuxbrew/opt/openssl --with-ngtcp2 --with-nghttp3=
               --with-libidn2 --enable-httpsrr --enable-ares
-              --disable-debug --disable-unity
+              --disable-debug --disable-unity --disable-typecheck
               --disable-verbose
 
           - name: 'address-sanitizer'

CMakeLists.txt

@@ -266,6 +266,7 @@ endif()
 option(CURL_CLANG_TIDY "Run the build through clang-tidy" OFF)
 if(CURL_CLANG_TIDY)
   set(CMAKE_UNITY_BUILD OFF)  # clang-tidy is not looking into #included sources, thus not compatible with unity builds.
+  set(CURL_DISABLE_TYPECHECK ON)  # to improve performance and avoid potential interference.
   set(_tidy_checks "")
   list(APPEND _tidy_checks "-clang-analyzer-security.insecureAPI.bzero")  # for FD_ZERO() (seen on macOS)
   list(APPEND _tidy_checks "-clang-analyzer-security.insecureAPI.strcpy")

docs/INSTALL-CMAKE.md

@@ -226,6 +226,7 @@ target_link_libraries(my_target PRIVATE CURL::libcurl)
 - `BUILD_STATIC_LIBS`:                      Build static libraries. Default: `OFF` (turns to `ON` if `BUILD_SHARED_LIBS` is `OFF`)
 - `BUILD_TESTING`:                          Build tests. Default: `ON`
 - `CURL_CLANG_TIDY`:                        Run the build through `clang-tidy`. Default: `OFF`
+                                            If enabled, it implies `CMAKE_UNITY_BUILD=OFF` and `CURL_DISABLE_TYPECHECK=ON`.
 - `CURL_CLANG_TIDYFLAGS`:                   Custom options to pass to `clang-tidy`. Default: (empty)
 - `CURL_CODE_COVERAGE`:                     Enable code coverage build options. Default: `OFF`
 - `CURL_COMPLETION_FISH`:                   Install fish completions. Default: `OFF`