This repository was archived by the owner on Dec 19, 2024. It is now read-only.

Making the PrivateBin container image more robust #11

Merged
hoellen merged 4 commits into hoellen:privatebin-dev from elrido:master, Aug 12, 2018

@elrido elrido commented Aug 1, 2018

Dear @hoellen,

Please find attached some changes to the PrivateBin docker image, the main goal being to implement the project's recommendations for installation of the software. The key changes and reasoning for them:

  • adding a gpg signature check for the PrivateBin archive - while it is downloaded over HTTPS, this guarantees the archive hasn't been tampered with after we signed the release archive.
  • splitting the installation between web root and libraries / data - further reduces any risk of exposing unparsed PHP files or even data (I kept the current /privatebin folder for the data, the web root now is in /srv).
  • made the image support read-only operation - this is optional, but prevents any exploits to change the scripts or binaries in the container.
  • removed ca-certificates & libressl packages from BUILD_DEPS, since they are already installed in the hoellen/nginx-php container as a curl dependency and therefore fail to be removed in this layer.

Thank you for maintaining these @Wonderfall containers and especially the PrivateBin one. I hope you find these changes useful. Let me know if you would like me to adjust any of these points.

Best regards,
El RIDO
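The signature check from the first bullet above, as an added example that is not the code from this pull request: `gpg --verify` succeeds for a good signature from any key in the keyring, so this version also pins the signer's fingerprint. The function names, the sample status lines and the fingerprints are constructed placeholders, not PrivateBin's real release key.

```shell
#!/bin/sh
# Added example (not from the pull request). All fingerprints are constructed.

# signed_by <gpg-status-text> <pinned-primary-fingerprint>
# Succeeds only if a VALIDSIG line names the pinned key. Field 12 of VALIDSIG
# is the primary-key fingerprint; older gpg omits it, so fall back to field 3
# (the signing key), which fails closed when a subkey made the signature.
signed_by() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# verify_release <archive> <detached-signature> <public-key-file> <pinned-fpr>
# Imports the key into a throwaway keyring, verifies the detached signature,
# and accepts the archive only if the pinned key produced a valid signature.
verify_release() {
    home="$(mktemp -d)" || return 2
    gpg --homedir "$home" --batch --quiet --import "$3" 2>/dev/null \
        || { rm -rf "$home"; return 2; }
    status="$(gpg --homedir "$home" --batch --status-fd 1 \
        --verify "$2" "$1" 2>/dev/null)"
    rc=$?
    rm -rf "$home"
    [ "$rc" -eq 0 ] && signed_by "$status" "$4"
}

# Constructed status output: a signature made by a subkey of the pinned key.
SAMPLE_PRIMARY=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_SUBKEY=89ABCDEF0123456789ABCDEF0123456789ABCDEF
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 456789ABCDEF0123 Constructed Release Key
[GNUPG:] VALIDSIG $SAMPLE_SUBKEY 2018-08-11 1533945600 0 4 0 1 8 00 $SAMPLE_PRIMARY"

if signed_by "$SAMPLE_STATUS" "$SAMPLE_PRIMARY"; then
    echo "signature made by the pinned release key"
fi
```

In an image build, `verify_release` would run before the archive is unpacked, so a failed check aborts the layer.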

Author

elrido commented Aug 11, 2018

FYI: I have merged your latest changes and updated the PR for the new release 1.2.1.

@hoellen hoellen changed the base branch from master to privatebin-dev August 12, 2018 07:38
Owner

hoellen commented Aug 12, 2018

Thank you very much @elrido for your effort!
It looks really good and I am merging this in a new branch for now.

@hoellen hoellen merged commit a785f9c into hoellen:privatebin-dev Aug 12, 2018
Owner

hoellen commented Aug 12, 2018

After some testing I merged it into master. Thank you very much!
