Option to skip library download during init

The init tool offers a mechanism to download a required library like
BouncyCastle during installation, and to remove "stale" versions of
that library from the lib/ folder if specified in libraries.config.
However, init does not check (and in general cannot check) that
the library actually is stale, but forcefully replaces it with the
version stated in libraries.config.

For security critical libraries like BouncyCastle this is dangerous,
especially when doing a batch install. In that case, init may silently
download a potentially vulnerable library version and replace a more
secure version already residing in the lib/ folder.

This patch adds two new options to the init program to disable the
automatic library download altogether, or selectively:

--skip-all-downloads switches the download mechanism off completely;

--skip-download <lib> switches the download off for the given library
  (<lib> being the section name of a library in libraries.config).

Change-Id: I1df60b2fd7a4bf519b135e16deebb68a3b9095ef
Signed-off-by: Michael Ochmann <michael.ochmann@sap.com>
Michael Ochmann
2016-02-09 15:17:31 +01:00
committed by Saša Živkov
parent 59c765652e
commit d94f25aed3
7 changed files with 88 additions and 3 deletions


@@ -26,6 +26,7 @@ import com.google.inject.Provider;
import org.junit.Test;
import java.nio.file.Paths;
import java.util.Collections;
public class LibrariesTest {
@Test
@@ -40,7 +41,7 @@ public class LibrariesTest {
public LibraryDownloader get() {
return new LibraryDownloader(ui, site);
}
});
}, Collections.<String> emptyList(), false);
assertNotNull(lib.bouncyCastleProvider);
assertNotNull(lib.mysqlDriver);
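Review bot: The only call visible in this hunk passes `Collections.<String> emptyList()` and `false` for the two added arguments, so the test still exercises just the default download path. In the lines shown, nothing covers the skip behaviour described in the commit message. Consider adding one case that passes a non-empty list (for example the section name of a single library) and one that passes `true`, each asserting that the affected library is not downloaded or replaced. The bare `false` literal is also hard to read at the call site; a named local variable or a short comment stating which option it stands for would make the intent clear.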