Add .gitattributes file to .git-crypt dir to prevent encryption

Previously, if you had a .gitattributes file in the root of your
repository that matched `*`, the files under .git-crypt would also be
encrypted, rendering the repository un-decryptable, unless you explicitly
excluded the .git-crypt directory, which was easy to overlook.

Now, `git-crypt add-gpg-user` automatically adds a .gitattributes file
to the .git-crypt directory to prevent its encryption.

IMPORTANT: If you are currently using GPG mode to encrypt an entire
repository, it is strongly advised that you upgrade git-crypt and then
do the following to ensure that the files inside .git-crypt are stored
properly:

 1. Remove existing key files: `rm .git-crypt/keys/*/0/*`
 2. Re-add GPG user(s): `git-crypt add-gpg-user GPG_USER_ID ...`

commands.cpp

@@ -1040,6 +1040,19 @@ int add_gpg_user (int argc, const char** argv)
 
 	encrypt_repo_key(key_name, *key, collab_keys, get_repo_keys_path(state_path), &new_files);
 
+	// Add a .gitatributes file to the repo state directory to prevent files in it from being encrypted.
+	const std::string		state_gitattributes_path(state_path + "/.gitattributes");
+	if (access(state_gitattributes_path.c_str(), F_OK) != 0) {
+		std::ofstream		state_gitattributes_file(state_gitattributes_path.c_str());
+		state_gitattributes_file << "* !filter !diff\n";
+		state_gitattributes_file.close();
+		if (!state_gitattributes_file) {
+			std::clog << "Error: unable to write " << state_gitattributes_path << std::endl;
+			return 1;
+		}
+		new_files.push_back(state_gitattributes_path);
+	}
+
 	// add/commit the new files
 	if (!new_files.empty()) {
 		// git add NEW_FILE ...