AP_HAL_ChibiOS: prevent Periph bricking problem when paniccing early

if Periph panics before we mark the scheduler as initialised then we don't watchdog, which we really need to do on periph nodes so they can be re-flashed conveniently.

libraries/AP_HAL_ChibiOS/Scheduler.cpp

@@ -79,6 +79,13 @@ THD_WORKING_AREA(_storage_thread_wa, STORAGE_THD_WA_SIZE);
 THD_WORKING_AREA(_monitor_thread_wa, MONITOR_THD_WA_SIZE);
 #endif
 
+// while the vehicle is being initialised we expect there to be random
+// delays which may exceed the watchdog timeout.  By default, We pat
+// the watchdog in the timer thread during setup to avoid the watchdog:
+#ifndef AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED
+#define AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED 1
+#endif
+
 Scheduler::Scheduler()
 {
 }
@@ -372,10 +379,12 @@ void Scheduler::_rcout_thread(void *arg)
 */
 bool Scheduler::in_expected_delay(void) const
 {
+#if AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED
     if (!_initialized) {
         // until setup() is complete we expect delays
         return true;
     }
+#endif
     if (expect_delay_start != 0) {
         uint32_t now = AP_HAL::millis();
         if (now - expect_delay_start <= expect_delay_length) {

libraries/AP_HAL_ChibiOS/hwdef/scripts/defaults_periph.h

@@ -328,3 +328,10 @@
 #ifndef HAL_BOARD_TERRAIN_DIRECTORY
 #define HAL_BOARD_TERRAIN_DIRECTORY "/APM/TERRAIN"
 #endif
+
+// for boards other than AP_Periph we are always expecting delays when
+// not initialised.  We can't afford that on AP_Periph as you may end
+// up with a bricked node if you write a bad firmware to it.
+#ifndef AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED
+#define AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED 0
+#endif