This removes the temporary `audit_download_strategy` exception for
the `lsr` formula. This was necessary to be able to merge support for
tangled.sh Git URLs, as it made the `using: :git` argument in the
`lsr` formula redundant and caused the "formula audit" check to fail
in brew CI.

cask/audit: fix install of container deps

Remove temporary audit exception for lsr

We have some formulae and casks that contain both `deprecate!` and
`disable!` calls, presumably as a way of controlling the deprecation
behavior before the disable date is reached. However, once the disable
date has been reached, `Livecheck::SkipConditions` continues to skip
the package as deprecated instead of disabled. This isn't a functional
issue as the package is still skipped but it isn't accurate because
it's not being skipped as disabled.

This reorders `FORMULA_CHECKS` and `CASK_CHECKS` to run the disabled
check before the deprecated check, so the disable date will take
precedence when it's been reached.

Let's avoid weirdness in other parts of Homebrew by moving this prepend
to be as late as possible.

…k-disabled-before-deprecated

SkipConditions: check disabled before deprecated

Make `Pathname.prepend WriteMkpathExtension` as late as possible.

On the [beta Bluefin LTS](https://docs.projectbluefin.io/lts), `brew config` reports:

```console
OS: CentOS Stream release 10 (Coughlan)
```

This is due to the `/etc/redhat-release` file being prioritized over `::OS_VERSION` (`PRETTY_NAME` from `/etc/os-release`).

On Bluefin LTS, `PRETTY_NAME` is `Bluefin LTS`.

This commit reverses the order so `brew config` has better detection:

```
OS: Bluefin LTS
```

I tested on RHEL 10 and the OS line only changed in that the word
"release" was omitted:

```
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 10.0 (Coughlan)
$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Red Hat Enterprise Linux 10.0 (Coughlan)"
```

- This is an improvement on my previous PR #15788

config: Remove use of `/etc/redhat-release`

I ran `brew livecheck` today to check the packages in my watchlist
and realized that it wasn't checking one package because I had added
a trailing comment after the name (and `package # Comment` isn't a
valid package name). I thought we had added support for trailing
comments when we originally added comment support years back but I
must have been mistaken.

This adds support for trailing comments in livecheck watchlist files
as part of refactoring the watchlist line parsing logic to only use
one pass (instead of multiple `#map` and `#reject` calls). This
maintains the existing behavior, where blank lines and lines starting
with `#` are skipped, but does so in a more flexible manner. For
example, the existing logic wouldn't skip a comment line that has one
or more spaces before the `#` character but this new logic will
correctly skip it.

…mments-in-watchlist

livecheck: support trailing comments in watchlist

`Cask::Audit.audit_livecheck_version` can raise a `key not found:
:latest` error when a hash from livecheck's `latest_version` method
doesn't have a `:latest` value. This error means that livecheck was
unable to identify the latest upstream version but it can only be
understood if the reader knows how this audit is implemented (and it
may also depend on knowing the structure of livecheck's
`latest_version` hash). Without that knowledge, the error doesn't
make it clear which audit is failing and why.

This addresses the issue by using `nil` as the default value for this
`fetch` call and accounting for a `nil` `latest_version` value. This
allows the audit to surface the usual "Version '1.2.3' differs from
'' retrieved by livecheck" failure, which makes it more clear that
livecheck isn't returning a version.

…error

Cask::Audit: fix `key not found: :latest` error

utils/pid_path: use libSystem