Dependency Housekeeping and how developers will benefit from it

[poikilotherm]

This issue is a story from or a blocker to #5292.
This issue is related to #4260, #5274, #3921, #4172 and more.
Please feel addressed @matthew-a-dunlap and @scolapasta 😉

While working on #4172 I discovered the problems noted down in #5274, which are in turn a left-over of #3921. This lead me to the impression, that the current pom.xml could use some love in terms of dependency management, hopefully avoiding more problems down the road. More and more deps keep kicking in while functionality is added to Dataverse. (As @pdurbin said on IRC: Dataverse 4.0 was around 45MB, 4.9.4 is at 146 MB)

I made some first steps primarily to address #5274, but this might be a could starting point for more work in this. Reducing WAR size, find wrong imports, update dependencies, address convergence issues and more...

Done so far (mostly for the resolution of #5274)

• Add initial dependency management for this via BOMs
• Add direct dependencies to Jackson as it is in use within the code.
• Remove JaCoCo compile scope dependency and fix resulting import errors from transitive deps not present anymore.
• Add checksums to the local_lib JARs to make Maven happier
• Write usefull docs (and rules?) about dependency management for old and new Dataverse developers (placed in a new section within the dev docs)

Things open (and will stay open till we are on Glassfish 5+, see #5274)

• Remove AWS SDK bundle and replace with "S3 only"
• Test the S3 stuff against some server to be sure it works, as no integration tests are present (see Running integration tests for more than just API #5068 and S3 URL Endpoint #4690)

Things to consider

• Think and talk about moving local_lib into a GitHub based "poor mans" Maven repo.
• Cleanup direct and transitive deps for the SWORDv2 code
• Think and talk about adding Maven Enforcer as a plugin permanently, maybe add it to the build cycle and fail builds on convergence issues.
• Address more/all conflicts from mvn enforcer:enforce
• Address issues from mvn dependency:analyze
• Think about replacing the retired Apache Abdera library with sth. like ROME - Note: ROME is used by Tika and included anyway.

[poikilotherm]

Please note that #5289 is not solving all of the aspects of this story. Those still need to be discussed. Ping to @matthew-a-dunlap and @scolapasta.

[pdurbin]

Over at http://irclog.iq.harvard.edu/dataverse/2018-11-27#i_80014 @poikilotherm let me know that he removed the commit that he believes was causing the exception @kcondon found at #5274 (comment) reported as "I'm able to build and use somewhat the resulting war file but it throws a stack trace about a missing method when I load the homepage and an exception (not logged) when clicking on a dataset card to view the dataset page."

@poikilotherm indicated that the change he made was the following:

"I removed the commit that removed the TrueZIP stuff and removed the commit that was changing the AWS dependency"

I moved this issue to code review at https://waffle.io/IQSS/dataverse