skip checkRepoConfigInaccessible when git directory specified explicitly

Fix a reversion that prevented git-annex from working in a repository when
--git-dir or GIT_DIR is specified to relocate the git directory to
somewhere else. (Introduced in version 10.20220525)

checkRepoConfigInaccessible could still run git config --list, just passing
--git-dir. It seems not necessary, because I know that passing --git-dir
bypasses git's check for repo ownership. I suppose it might be that git
eventually changes to check something about the ownership of the working
tree, so passing --git-dir without --work-tree would still be worth doing.
But for now this is the simple fix.

Sponsored-by: Nicholas Golder-Manning on Patreon

Git/Config.hs

@@ -282,16 +282,20 @@ unset ck@(ConfigKey k) r = ifM (Git.Command.runBool ps r)
  - repo.
  -}
 checkRepoConfigInaccessible :: Repo -> IO Bool
-checkRepoConfigInaccessible r = do
-	-- Cannot use gitCommandLine here because specifying --git-dir
-	-- will bypass the git security check.
-	let p = (proc "git" ["config", "--local", "--list"])
-		{ cwd = Just (fromRawFilePath (repoPath r))
-		, env = gitEnv r
-		}
-	(out, ok) <- processTranscript' p Nothing
-	if not ok
-		then do
-			debug (DebugSource "Git.Config") ("config output: " ++ out)
-			return True
-		else return False
+checkRepoConfigInaccessible r
+	-- When --git-dir or GIT_DIR is used to specify the git
+	-- directory, git does not check for CVE-2022-24765.
+	| gitDirSpecifiedExplicitly r = return False
+	| otherwise = do
+		-- Cannot use gitCommandLine here because specifying --git-dir
+		-- will bypass the git security check.
+		let p = (proc "git" ["config", "--local", "--list"])
+			{ cwd = Just (fromRawFilePath (repoPath r))
+			, env = gitEnv r
+			}
+		(out, ok) <- processTranscript' p Nothing
+		if not ok
+			then do
+				debug (DebugSource "Git.Config") ("config output: " ++ out)
+				return True
+			else return False