exposed data about installed plugins, installable plugins, update center jobs, etc., to the REST API

Previously, the untar code tries to set the last modified time and mode
on every untarred file.  However, if the tar contains a broken symlink,
or a symlink that points to a file that has not been untarred yet, the
time/mode setting would fail on the broken symlink.

Symlinks don't have meaningful modified times or modes of their own, so
only set these values on non-symlinks.

Rename the file "a" in the test to expose the bug.

If a resource with 'Set-Cookie' header is cached (either by intermediary
like HTTP proxy and reverse proxy, or by the browser), it'll cause
identity swap / session mix-up as discussed in this ticket.

I suspect this was caused by HttpSessionContextIntegrationFilter2, which
is the only code path that attempts to create a session when a request
to a static resource is made.

So I'm disabling the creation of session in
HttpSessionContextIntegrationFilter2. This in turn requires that we
have sessions already created when the authentication was successful and
people need to login (or else the login will have no effect.)

We already do so in layout.jelly, so any request that renders a Jenkins
page would have a session, but I've also added it in
AuthenticationProcessingFilter2, which ensures that a successful login
does have a session.

When a client uses the buildWithParameters API and request a json output, return the job definition as a json string instead of doing a redirect on the job page.

Conflicts:

	changelog.html

(cherry picked from commit 2e5a7bf4)

This reverts commit 9a1ad74b. The bits
aren't yet synchronized to central apparently.

Conflicts:

	changelog.html

This is also related to [JENKINS-9778].

[FIXED JENKINS-8214] Added a DISCOVER permission to allow anonymous users to be presented the login screen when accessing job URLs