Build: Don't modify CMAKE_C_FLAGS_* if specified
The build system originally force-enabled the maximum optimization level
(-O3) with GCC because it significantly improved the performance of the
C Huffman encoder on x86 platforms.  Since libjpeg-turbo 1.5.x, the
Huffman encoder has been SIMD-accelerated on x86 and Arm platforms, and
in my testing on various Intel CPUs, the difference between -O2 and -O3
is no longer statistically significant.  However, on certain Arm CPUs, I
observe that grayscale decompression slows down by 16-27% with -O2 vs.
-O3.  Although modern versions of CMake use -O3 as the default
optimization level for Release builds, -O2 is still the default
optimization level for RelWithDebInfo builds.  Thus, I am reluctant to
change the default behavior of our build system.  However, referring
to #815, some users observe better performance with -O2 vs. -O3 on other
Arm CPUs, so the build system needs to allow users to override the
default behavior.
Closes #815

Build: Fix float test errors with Xcode 14.2/Arm
Unlike other versions of Clang 14.0.0, AppleClang 14.0.0 in Xcode 14.2
retains the old -ffp-contract=off default.  Apple didn't adopt
-ffp-contract=on as the default until Xcode 14.3 (AppleClang 14.0.3.)
This has been confirmed in the Xcode 14.3 release notes.

Build: Fix typo

tj3Transform: Don't calc dst subsamp unless needed
This just improves code readability by emphasizing that we don't care
about the destination image's level of subsampling unless
TJPARAM_NOREALLOC is set or lossless cropping will be performed.

The Independent JPEG Group's JPEG software v9f

jerror.c: Silence MSan uninitialized value warning
If an error manager instance is passed to jpeg_std_error(), then its
format_message() method will point to the format_message() function in
jerror.c.  The format_message() function passes all eight values from
the jpeg_error_mgr::msg_parm.i[] array as arguments to
snprintf()/_snprintf_s(), even if the format string doesn't use all of
those values.  Subsequently invoking one of the ERREXIT[1-6]() macros
will leave the unused values uninitialized, and if the
-fsanitize-memory-param-retval option (introduced in Clang 14) is
enabled (which it is by default in Clang 16 and later), then MSan will
complain when the format_message() function tries to pass the
uninitialized-but-unused values as function arguments.
This commit modifies jpeg_std_error() so that it zeroes out the error
manager instance passed to it, thus working around the warning as well
as simplifying the code.
Closes #761

Build: Add tjdoc target for building TurboJPEG dox

example.c: Fix 12-bit PPM write w/ big endian CPUs

AppVeyor: Use SignPath release cert/only sign tags
The SignPath release certificate for our project is not yet available as
of this writing, but this commit prepares the CI system to use the
release certificate whenever it becomes available.  It also restricts
signing only to tags, which correspond to official releases.  (That
mimics our traditional policy of not signing pre-release builds.)

ChangeLog.md: Document 4e028ec
+ bump version to 3.0 beta2