inject sha256 labels for all target packages

[mathias-luedtke]

This PR addresses the SHA256 injection as proposed in osrf/docker_images#376

• package handling functions have been refactored (breaks API) to parse the data only once
• getPackageVersions returns list of dict(name, version, sha256) instead string
• Dockerfile templates have been updated to use a common snippet
• whitespace still differs a little bit
• all packages get installed with apt-get install -y --no-install-recommends

I can update the common snippet to take a list of aptarguments, if needed.

[mikaelarguedas]

This looks great!

We should likely move some of these templates in a graveyard folder as some of them apply to images that will not be regenerated. (@ruffsl WDYT?)

Of the top of my head the changes to the following don't seem necessary (although don't hurt either):

• docker_templates/templates/docker_images/create_drcsim_image.Dockerfile.em
• docker_templates/templates/docker_images/create_gzserverX_image.Dockerfile.em

With or without the changes to the aforementioned files reverted, this PR looks good to me 👍

On the docker_images side, we'll likely need to update only a subset to not modify the Dockerfiles of the EOL images that are not rebuilt anymore. I'll comment directly on osrf/docker_images#454 for those comments

[ruffsl]

We should likely move some of these templates in a graveyard folder as some of them apply to images that will not be regenerated. (@ruffsl WDYT?)

Moving the template files would require the update of the paths in the respective images.yaml.em files. Perhaps best revisited in a separate PR.

[mikaelarguedas]

Thanks again @ipa-mdl for working on this !

[ruffsl]

Thanks @ipa-mdl ! Next we'll need to work on automating the upstream PRs with our @osrf-docker-builder bot.