
use serialized instead of json version from php.net/release #771

Open
jhdxr opened this issue Jul 10, 2016 · 2 comments

Comments

@jhdxr
Member

jhdxr commented Jul 10, 2016

php.net/release offers two version data:
http://php.net/releases/index.php?serialize
and
http://php.net/releases/index.php?json

I think we can switch to the serialized version so we no longer rely on the json module.

@c9s
Member

c9s commented Jul 10, 2016

the security issue is the main concern, hence we decided to use json format instead of serialize.

but it's possible to add a switch (if json is not available, use serialize instead)

@jhdxr
Member Author

jhdxr commented Aug 2, 2016

do you mean bugs like https://bugs.php.net/bug.php?id=70121 which lead to remote code execution?
we download the version list from php.net directly with https enabled, where I think the data should be safe. (if php.net was hacked and the data were modified, I think the sources were not reliable as well)

btw, I found two more extra problems / something that may be improved:

  1. if we use WgetCommandDownload, we pass --no-check-certificate to the wget command. I know that it was me that wrote that class, but I think I was just copying that code from somewhere else in the project, so I'm wondering if there is some special reason for doing so?
  2. ReleaseList::downloadReleaseListFromOfficialSite will throw exception if openssl extension not found. IMO it's not required any more as we support downloader like WgetCommandDownloader or CurlCommandDownloader.
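An added example, not phpbrew's code and not from either commenter, of the switch c9s proposes with the fallback path hardened: it prefers `json_decode` when ext/json is loaded, otherwise calls `unserialize` with `allowed_classes => false` so that no serialized object is ever instantiated, and downloads over HTTPS with certificate verification on rather than the `--no-check-certificate` behaviour discussed above. The helper names `chooseFormat`, `parseReleaseList` and `fetchReleaseList`, and the sample release data at the bottom, are constructed for this illustration and are not phpbrew's API.

```php
<?php
// Added example (not phpbrew's code). chooseFormat(), parseReleaseList() and
// fetchReleaseList() are hypothetical helper names for this illustration.
declare(strict_types=1);

const RELEASE_URL = 'https://php.net/releases/index.php';

/**
 * Pick the format this runtime can decode safely: JSON when ext/json is
 * loaded, the serialized form only as a fallback.
 */
function chooseFormat(): string
{
    return extension_loaded('json') ? 'json' : 'serialize';
}

/**
 * Decode the release list body into an array, or throw on malformed input.
 */
function parseReleaseList(string $body, string $format): array
{
    if ($format === 'json') {
        $data = json_decode($body, true, 512);
        if (!is_array($data)) {
            throw new RuntimeException('release list is not valid JSON: ' . json_last_error_msg());
        }
        return $data;
    }

    // Fallback: allowed_classes => false (PHP 7.0+) turns every serialized
    // object into __PHP_Incomplete_Class, so no __wakeup()/__destruct() of an
    // application class can run. It does not protect against bugs in the
    // unserialize parser itself, which is why JSON stays the preferred path.
    $data = @unserialize($body, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new RuntimeException('release list is not a valid serialized array');
    }
    return $data;
}

/**
 * Download the list over HTTPS with peer and hostname verification enabled,
 * i.e. the opposite of passing --no-check-certificate to wget.
 */
function fetchReleaseList(string $format): array
{
    $url = RELEASE_URL . '?' . $format;
    $ctx = stream_context_create([
        'ssl' => ['verify_peer' => true, 'verify_peer_name' => true],
    ]);
    $body = file_get_contents($url, false, $ctx);
    if ($body === false) {
        throw new RuntimeException("could not download $url");
    }
    return parseReleaseList($body, $format);
}

// Constructed sample inputs shaped like the release index (major => release info);
// they are not real php.net data.
$jsonSample = '{"7":{"version":"7.0.8"},"5":{"version":"5.6.23"}}';
$serSample  = 'a:1:{s:1:"7";a:1:{s:7:"version";s:5:"7.0.8";}}';

echo parseReleaseList($jsonSample, 'json')['7']['version'], "\n";
echo parseReleaseList($serSample, 'serialize')['7']['version'], "\n";

// A serialized object payload is not an array once class instantiation is
// disabled, so it is rejected instead of being turned into a live object.
$objectPayload = 'O:8:"stdClass":0:{}';
try {
    parseReleaseList($objectPayload, 'serialize');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Live use: fetchReleaseList(chooseFormat());
```

The `is_array` check after `unserialize` is what makes the fallback strict: the release index is a plain array, so anything that decodes to an object or scalar is treated as tampered or malformed input, and the `@` only silences the notice that `unserialize` emits on garbage rather than hiding the failure.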
