Updates and feature additions to failsafe system.

- Added failsafe flightmode and rc control box.

To make failsafe procedure a separate flight mode and make it possible
to trigger failsafe with an AUX switch.

- Failsafe mode is activated when failsafe is active.

RC link lost is simulated with the failsafe AUX switch.
When NOT armed: failsafe switch to failsafe mode is shown in GUI (mode
tab).

- Activate failsafe mode with AUX switch.

- Prevent arming when failsafe via AUX switch is active (safety issue).

- Make failsafe disarm if motors armed and throttle was LOW (2D & 3D)
for `failsafe_throttle_low_delay` time (__JustDisarmEvent__).

Applied code changes to effectively add pull request: Make failsafe
disarm if motors armed and throttle low #717.

- Use failsafeIsMonitoring() to actually start monitoring.

- Added `failsafe_kill_switch` to code.

When set to 1 (0 is default), the failsafe switch will instantly disarm
(__KillswitchEvent__) instead of executing the landings procedure.
Arming is NOT locked after
this, so the craft could be re-armed if needed.
This is intended for racing quads where damage and danger must be
minimized in case of a pilot error.

- Added `failsafe_throttle_low_delay`, adapted documentation.

Used to adjust the time throttle level must have been LOW
to _only disarm_ instead of _full failsafe procedure_
(__JustDisarmEvent__).

- Updated the failsafe documentation.

- Re-enable arming at end of failsafe procedure.

At the end of a handled failsafe event, that means: auto-landing,
__JustDisarmEvent__ or __KillswitchEvent__, the RX link is monitored for
valid data.
Monitoring is a part of the failsafe handling, which means the craft is
still in failsafe mode while this is done.
Arming is re-enabled (allowed) when there is a valid RX link for more
then XX seconds, where XX depends on the handled event like this:
1. XX = 30 seconds after auto landing.
2. XX = 3 seconds after __JustDisarmEvent__.
3. XX = 0 seconds after __KillswitchEvent__.

NOTE: When armed via an AUX switch, you will have to switch to the
disarmed position at the very end to be able to re-arm.
The failsafe mode will not end until you do.

- __KillswitchEvent__ has now priority over __JustDisarmEvent__

- Apply rxfail values instantly when failsafe switch is ON

- Added missing cases to display.c

Show M when failsafe is monitoring for RX recovery (AND disarming when
armed with a switch).

===

Reworked the code from counter-based to time-based.

- AUX failsafe switch now has identical behavior to RX loss.

- Added RX failure and RX recovery timing.

- __KillswitchEvent__ skips RX failure detection delay (direct disarm).

===

[UNIT TESTS]

Adapted failsafe related unittests from counter-based to time-based

- Added failsafeOnValidDataFailed() to some tests

- Removed duplicate test setup from rc_controls_unittest.cc

- Removed magic numbers from rx_ranges_unittest.cc and rx_rx_unittest.cc

- Reworked all test-cases for flight_failsafe_unittest.cc

src/main/io/display.c

@@ -231,6 +231,12 @@ void updateFailsafeStatus(void)
         case FAILSAFE_LANDED:
             failsafeIndicator = 'L';
             break;
+        case FAILSAFE_RX_LOSS_MONITORING:
+            failsafeIndicator = 'M';
+            break;
+        case FAILSAFE_RX_LOSS_RECOVERED:
+            failsafeIndicator = 'r';
+            break;
     }
     i2c_OLED_set_xy(SCREEN_CHARACTER_COLUMN_COUNT - 3, 0);
     i2c_OLED_send_char(failsafeIndicator);