Rework Safenet serve content

[steven-cd]

This addresses various review comments received by email around the SafeNetServeContent class, for the purposes of the Keepsafe EU projects.

An overview of the changes:

• Making the work more generic, essentially replacing SafeNetServeContent with EntitlementCheckServeContent, i.e. a subclass of ServeContent that checks whether the user is entitled to see the content, and a general EntitlementRegistryClient responsible for checking that
• Other references to SafeNet have been removed, and mainly replaced with Keepsafe
• The org.lockss.platform.project = safenet configuration is not used any more, and instead org.lockss.entitlement.keepsafe.enabled = true would be used. Nobody except us would have been using that config parameter
• Similarly, other config parameters under org.lockss.safenet are now under org.lockss.entitlement
• Extraction of the bibliographic data necessary to check the entitlement from the metadata database, with the TDB files only used as fallback
• Various changes to make EntitlementRegistryClient thread-safe (raised in #2)
• Connection pooling in EntitlementRegistryClient (also from #2)
• Some changes based on changes to the external Keepsafe API

I can, if you wish, break this up further, and similarly could squash it into one commit, but I thought this was easier at the moment given the informal reviews we've done so far.