
Add PackageManifest

Open · TimWolla opened this issue 4 years ago · 1 comment

This PR, as of right now, adds a PackageManifest class that generates a package manifest summarizing the security critical identifiers of a package. The following design choices were made:

  • As discussed in #3419 we don't want to hash the archive itself, because it's hard to make this reproducible and because developers might want to embed additional information.
  • Contrary to the suggestion in #3419 even unused files within the archive are being hashed, including LICENSE and similar files. The reason is that it's impossible to statically determine which files are being accessed by a PIP in the general case.
    • package.xml is exempt for obvious reasons.
    • Embedded, explicitly referenced, package archives are exempt, because they will be verified on their own and not as part of the bundle. Additionally this allows package servers to strip inner archives to send smaller files; they are only ever used on manual upload anyway.
      • This technically allows the developer to embed an archive, also referencing it within an <instruction>, bypassing validation. Such shenanigans will be caught during the approval process within the Plugin-Store.
  • The human-readable package name was included, because that's what the end user uses to identify the package.

Depends on #3442 for acceptable performance.

Example manifest for com.woltlab.wcf
'manifestVersion': '1'
'identifier': 'com.woltlab.wcf'
'version': '5.3.0 Alpha 1'
'isApplication': '1'
'humanName':
  'default': 'WoltLab Suite Core'
'requirements': []
'excludedPackages': []
'files':
  'aclOption.xml': '373afa28315aba49efebc32d493900581339b69d2c14f448aa73c22346d0831a'
  'acpMenu.xml': 'd74c96c42d1e035a0a992a4484f3d37e3b77977c194504c33ad38a57da858596'
  'acpSearchProvider.xml': '074cfc1afa809bf425ed683dfb1afafc4ed5c8089f59fb99bf674c1edd8949af'
  'acptemplates.tar': '1d2b42ae7433448dcba2833c4add2ccea1a3230cea4765d1b2f15cfd864cceb0'
  'acptemplates_update.tar': '474aeca542c889e84e34f516f511641f02c92fd93df91c93a44238f6cc07c926'
  'bbcode.xml': '75eaf733db423403e1379fc3b7cb94d1f2b12a8d16dad1b0d0d07d0d1862585a'
  'box.xml': 'e8af3659c5d1663679b0db27b8b58eb394c1e920d3e16484408c9712c2e40277'
  'clipboardAction.xml': '7d2211862ec007ede32ae9b805885cfaf67a13cf285260775b2b37ecabd7a184'
  'coreObject.xml': 'dd66ee3acd407641b37e3f45a1378e98ea5c29900ea98847afb4446ef43c34e2'
  'cronjob.xml': 'a979f4605feaec02db3354acce5e32cadc0339d44ee4debd855bba31af2ca83f'
  'defaultStyle.tar': '8a21be5d87f40827bc9944063f514b2af195dc0979d830f0b911b84812c4d4c1'
  'eventListener.xml': '3255890c26ab6646f7be74d27b9ffe91d6e645c802e5da9f35e2187bd4a1bce1'
  'files.tar': '2439fbc130ee957b64321ff89f5d38c23a71a5487e96927b49bee8a3e701995a'
  'files_update.tar': 'caab056cc3a3ca27797fbda9e37db0b7a114db69a27036855d9085dc1f47d615'
  'language/de.xml': 'a426c5c739251f8f75aa43180c426edc68853b38f7d7b54342686a2149ebd86a'
  'language/en.xml': '66c4ec260fd65e4b4b73ed7bc015c93c8132e4e1457267ebe377e3a79fe4d2e7'
  'mediaProvider.xml': 'f421a8134e540e7959272d04c484b9643aa407f8db268bcbff35797c88530bc7'
  'menu.xml': '2a5bc3ced0f21eb5317047a799f2a71b86f78eb213bae5c41db34caf3b5181bc'
  'menuItem.xml': '8c5d2eb5ae4c82e18b1d74731581152483670af7d4560c8fa996c01aab82d14d'
  'objectType.xml': '3f1c91714375dc8a074f617d3df7fa25b75288a41983ea69c24515388e89166d'
  'objectTypeDefinition.xml': 'add9bc4234367a3b218ea065750de9074a0365d4cb1fd9d32b32910296771d37'
  'option.xml': 'd95bda8a130cee2dfc6727bb392356a57a3caaeb4aa5c3c95961ee76343c5a27'
  'packageInstallationPlugin.xml': 'e296c118b3cdfbe85b47ee449ad5c48549f2e7295b6a8b568c7bc7fa6f568663'
  'page.xml': 'cb61a77525e4bb4eb5f3686bdd6a25b11f7e4a055dd8665d1a216289770981ea'
  'smiley.xml': 'f765c6ac5744bb593e4e87373b56aefe1ee39b5ee673d1e2bf4517138212767f'
  'templateListener.xml': 'd40a87222dd7e55c21a7687dd79f241380b42d16475a17c8650a0ca3bfef88d0'
  'templates.tar': '2d4a3ffb9e495e92fa62ff44adce5daeb3a95495564614ad8713f461b68093e3'
  'templates_update.tar': '0ae5fbb9fb7ae1ed0c79453f28f8add9490d8567d7791e78808c31df35fa0aff'
  'userGroupOption.xml': '07cc9dafbcb962b8bf3fc4ef0295dfa9c15e00faa83672830972bbf9b4c56fe1'
  'userMenu.xml': 'ea8d463b4ca0530bc3aa64b06e8cbcabd5ff334421211f7c7dfb8ee9f87590e0'
  'userNotificationEvent.xml': '66ce6cdf8642fd9c8813e7c175afdf377e71ad611af62e9fc54f0b0abcf77b9d'
  'userOption.xml': '8b593a628a62709ef81d89064afefb54f69d6983775ff5b39de5aabacdf87dad'
  'userProfileMenu.xml': '4f4fcbf0067991d590178847d648412460960a084cdba3a3a365b94a18e51109'
'install':
  - 
    'type': 'packageInstallationPlugin'
    'value': ''
    'attributes': []
  - 
    'type': 'acpMenu'
    'value': ''
    'attributes': []
  - 
    'type': 'userGroupOption'
    'value': ''
    'attributes': []
  - 
    'type': 'option'
    'value': ''
    'attributes': []
  - 
    'type': 'template'
    'value': ''
    'attributes':
      'run': 'standalone'
  - 
    'type': 'eventListener'
    'value': ''
    'attributes': []
  - 
    'type': 'script'
    'value': 'acp/install.php'
    'attributes': []
  - 
    'type': 'cronjob'
    'value': ''
    'attributes': []
  - 
    'type': 'coreObject'
    'value': ''
    'attributes': []
  - 
    'type': 'clipboardAction'
    'value': ''
    'attributes': []
  - 
    'type': 'objectTypeDefinition'
    'value': ''
    'attributes': []
  - 
    'type': 'objectType'
    'value': ''
    'attributes': []
  - 
    'type': 'acpSearchProvider'
    'value': ''
    'attributes': []
  - 
    'type': 'style'
    'value': 'defaultStyle.tar'
    'attributes': []
  - 
    'type': 'userOption'
    'value': ''
    'attributes':
      'run': 'standalone'
  - 
    'type': 'bbcode'
    'value': ''
    'attributes': []
  - 
    'type': 'smiley'
    'value': ''
    'attributes': []
  - 
    'type': 'userProfileMenu'
    'value': ''
    'attributes': []
  - 
    'type': 'userMenu'
    'value': ''
    'attributes': []
  - 
    'type': 'userNotificationEvent'
    'value': ''
    'attributes': []
  - 
    'type': 'aclOption'
    'value': ''
    'attributes': []
  - 
    'type': 'page'
    'value': ''
    'attributes': []
  - 
    'type': 'menu'
    'value': ''
    'attributes': []
  - 
    'type': 'menuItem'
    'value': ''
    'attributes': []
  - 
    'type': 'box'
    'value': ''
    'attributes': []
  - 
    'type': 'mediaProvider'
    'value': ''
    'attributes': []
  - 
    'type': 'templateListener'
    'value': ''
    'attributes': []
  - 
    'type': 'script'
    'value': 'acp/post_install.php'
    'attributes': []
'update':
  '3.1.*':
    - 
      'type': 'file'
      'value': 'files_preUpdate.tar'
      'attributes': []
    - 
      'type': 'script'
      'value': 'acp/update_com.woltlab.wcf_5.2_preUpdate.php'
      'attributes':
        'flushCache': 'false'
    - 
      'type': 'file'
      'value': 'files_pre.tar'
      'attributes':
        'run': 'standalone'
    - 
      'type': 'language'
      'value': ''
      'attributes':
        'run': 'standalone'
    - 
      'type': 'script'
      'value': 'acp/update_com.woltlab.wcf_5.2_prePhpApi.php'
      'attributes':
        'flushCache': 'false'
    - 
      'type': 'script'
      'value': 'acp/update_com.woltlab.wcf_5.2.php'
      'attributes':
        'flushCache': 'false'
    - 
      'type': 'script'
      'value': 'acp/update_com.woltlab.wcf_5.2_reactionUpdate.php'
      'attributes':
        'flushCache': 'false'
    - 
      'type': 'script'
      'value': 'acp/update_com.woltlab.wcf_5.2_deleteRecentActivity.php'
      'attributes':
        'flushCache': 'false'
    - 
      'type': 'file'
      'value': 'files_routingCacheBuilder.tar'
      'attributes':
        'run': 'standalone'
    - 
      'type': 'sql'
      'value': 'update_5.2.sql'
      'attributes': []
    - 
      'type': 'option'
      'value': ''
      'attributes': []
    - 
      'type': 'script'
      'value': 'acp/update_com.woltlab.wcf_5.2_reloadOptions.php'
      'attributes': []
    - 
      'type': 'coreObject'
      'value': ''
      'attributes': []
    - 
      'type': 'file'
      'value': ''
      'attributes':
        'run': 'standalone'
    - 
      'type': 'template'
      'value': ''
      'attributes':
        'run': 'standalone'
    - 
      'type': 'acpTemplate'
      'value': ''
      'attributes':
        'run': 'standalone'
    - 
      'type': 'acpMenu'
      'value': ''
      'attributes': []
    - 
      'type': 'userGroupOption'
      'value': ''
      'attributes': []
    - 
      'type': 'cronjob'
      'value': ''
      'attributes': []
    - 
      'type': 'clipboardAction'
      'value': ''
      'attributes': []
    - 
      'type': 'objectTypeDefinition'
      'value': ''
      'attributes': []
    - 
      'type': 'objectType'
      'value': ''
      'attributes': []
    - 
      'type': 'acpSearchProvider'
      'value': ''
      'attributes': []
    - 
      'type': 'userOption'
      'value': ''
      'attributes':
        'run': 'standalone'
    - 
      'type': 'bbcode'
      'value': ''
      'attributes': []
    - 
      'type': 'userMenu'
      'value': ''
      'attributes': []
    - 
      'type': 'userNotificationEvent'
      'value': ''
      'attributes': []
    - 
      'type': 'page'
      'value': ''
      'attributes': []
    - 
      'type': 'menu'
      'value': ''
      'attributes': []
    - 
      'type': 'menuItem'
      'value': ''
      'attributes': []
    - 
      'type': 'box'
      'value': ''
      'attributes': []
    - 
      'type': 'mediaProvider'
      'value': ''
      'attributes': []
    - 
      'type': 'templateListener'
      'value': ''
      'attributes': []
    - 
      'type': 'style'
      'value': 'defaultStyle.tar'
      'attributes':
        'run': 'standalone'
    - 
      'type': 'script'
      'value': 'acp/update_com.woltlab.wcf_preventMailAbuse.php'
      'attributes': []
  '5.2.*': []

TimWolla · Jul 08 '20 13:07
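The hashing rules from the PR description, as an added Python illustration that is not the PHP PackageManifest class from this PR: every regular file in the archive is hashed except package.xml and the inner archives that package.xml references, and the manifest carries the identifier, version, human-readable name and requirements. The package.xml element names and the archive contents are a constructed sample, and verify() only shows whether an archive still matches a stored manifest.

```python
import hashlib
import io
import tarfile
import xml.etree.ElementTree as ET
# Constructed sample package.xml with WCF-style element names (not a real package).
PACKAGE_XML = b"""<package name="com.example.demo">
  <packageinformation><packagename>Example Demo</packagename><version>1.0.0</version></packageinformation>
  <requiredpackages>
    <requiredpackage file="requirements/com.example.dep.tar">com.example.dep</requiredpackage>
  </requiredpackages>
</package>"""
# Constructed archive contents: the input for this demo.
SAMPLE_MEMBERS = {
    "package.xml": PACKAGE_XML,
    "LICENSE": b"MIT",
    "files.tar": b"payload",
    "language/en.xml": b"<language/>",
    "requirements/com.example.dep.tar": b"inner archive",
}

def build_archive(members):
    """Pack a {name: bytes} mapping into an in-memory tar archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_manifest(archive_bytes):
    """Summarise the security-critical identifiers of a package archive."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        root = ET.fromstring(tar.extractfile("package.xml").read())
        # package.xml and the embedded archives it references are exempt: inner
        # archives are verified on their own, not as part of the bundle.
        exempt = {"package.xml"} | {r.get("file") for r in root.iter("requiredpackage") if r.get("file")}
        files = {m.name: hashlib.sha256(tar.extractfile(m).read()).hexdigest()
                 for m in tar.getmembers() if m.isfile() and m.name not in exempt}
    return {
        "manifestVersion": "1",
        "identifier": root.get("name"),
        "version": root.findtext("packageinformation/version"),
        "humanName": {"default": root.findtext("packageinformation/packagename")},
        "requirements": sorted(r.text for r in root.iter("requiredpackage")),
        "files": dict(sorted(files.items())),
    }
def verify(manifest, archive_bytes):
    """True when the archive still produces exactly the stored manifest."""
    return build_manifest(archive_bytes) == manifest
```

A change to LICENSE is detected, while a change to the exempt inner archive is not: that archive is covered by its own manifest, exactly the trade-off the description spells out.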

I've gone ahead and already resolved the two requests, because of the lack of other review requests coming in.

TimWolla · Jul 14 '20 07:07