[SECURITY-166] Make UI tests work across Jenkins versions

[SECURITY-125] Matrix project script security

[SECURITY-167] Followup tweaks to address review comments.

Fixes for SECURITY-166

Addresses some comments received after the original fix was merged.

SECURITY-167

defend against XXE attacks in core https://issues.jenkins-ci.org/browse/SECURITY-167

Reproducible for example via HelpLinkTest.testMatrixConfig.
Otherwise have: matrix-project → script-security → matrix-auth → windows-slaves → antisamy-markup-formatter → matrix-project
Tried to come up with a generic way of doing this automatically, but failed.
Just because we bundle a particular build of some plugin does not mean it was built against anything recent,
and for use on older cores it may well need some of those implicit dependencies.

Otherwise FingerprinterTest.matrixDependency throws an AbstractMethodError.

(cherry picked from commit 0bd831e2)

(cherry picked from commit 747d550c)

(cherry picked from commit 9259f873)

(cherry picked from commit 071951e6)

(cherry picked from commit b628b472)

(cherry picked from commit 04aace98)

(cherry picked from commit e4ba41d5)

(cherry picked from commit 5d9e4d7b)

(cherry picked from commit b9d8f554)

(cherry picked from commit 42195d83)

(cherry picked from commit dbed3044)

Conflicts:
	core/src/main/java/hudson/model/Run.java

(cherry picked from commit d72fda46)

(cherry picked from commit e405078e)

(cherry picked from commit 4aad749c)

Conflicts:
	core/src/main/java/hudson/matrix/MatrixBuild.java
	core/src/main/java/hudson/matrix/MatrixConfiguration.java
	core/src/main/java/hudson/matrix/MatrixProject.java
	core/src/main/resources/hudson/matrix/MatrixProject/configure-entries.jelly

These users can still be instantiated, as would happen if there is no security and an anonymous user triggers a build -- the anonymous user would correctly be created and added to the User list. This fix merely prevents the saving of that user, and therefore prevents them from logging in.

There may be some plugins which trigger a build as the SYSTEM user, and that is not prohibited here.

Also prevent full names of 'anonymous', 'system' or 'uknown'. As discussed on SECURITY-166 this may encumber auditing since full names are used in most places in the UI

add stack trace so the offending plugin/code can be identified

Atempt to set SAX specific properties to defend against XXE attacks.

Added a new EntityResolver that will throw an exception if any attempts
are made to load external entities.
Made the transforer use SAX so that we can use out EntityResolover.

As we can't defend against calls that have already parsed the xml (e.g.
DOMSource) if we are parsed one of those throw an exception (which can be
disabled with a System property.

[SECURITY-163] Non-browser-based DownloadService

In 20340e18 @daniel-beck suggested updating this text.

Avoids rechecking at every startup, mainly relevant during interactive testing when restarts may be quite frequent.