Make verification program configurable for gverify

This adds an option `-p` or `--verify-program` to be able to override
`gpg` as used by default.
This is useful on Ubuntu 16.04 where `gpg` is still gpg 1.x,
and it is desirable to use `gpg2` instead to be able to verify ECDSA
signatures and such.

It can be confusing to new users for make-base-vm to create a lucid vm
by default, so switch to xenial, which is also an LTS release, but isn't
EOL yet. Using lucid with gitian-builder is broken anyway, because
lucid has been moved to old-releases.ubuntu.com since it is EOL and
gitian-builder doesn't support old-releases.ubuntu.com.

Allow custom DEBOOTSTRAP_DIR, to give own template (v3)

So you can make a local copy of /usr/share/debootstrap/ and
e.g. add there a missing "xenial" or other script/template,
without mucking around in a system directory managed by
the package manager.

Allow build to use sudo without a password, part deux

- apropos to a discussion about merge request #36, added a flag in the descriptor and command line flag.
- adding `sudo: true` in the yml file plus adding a command line flag `--allow-sudo` will allow script user to elevate permissions with no password.

Use grub package instead of grub-pc unless distro is ubuntu

According to the Debian wiki, installing the package grub installs the
correct version of grub for your suite automatically. This fixes a "you
have held broken packages" error when creating the package manifest due
to a conflict between grub-pc and grub-legacy (at least with Wheezy).

Check for older suites with 686 flavour before checking for 686-pae
flavour suites, because the former should never change, but the latter
would have to be changed whenever a new suite was released if it wasn't
the last if statement.

Use lsb_release to get codename rather than /etc/lsb-release

It seems like an lsb_release program should be available on any distro if
the appropriate package is installed. So it seems better to use
lsb_release instead of /etc/lsb-release, because Debian doesn't appear
to have /etc/lsb-release.

The build process for [Bitcoin](https://github.com/bitcoin/bitcoin/blob/master/doc/gitian-building.md) was failing with the following error:
```
./bin/gbuild:21:in `system!': failed to run on-target setarch x86_64 bash -x < var/build-script > var/build.log 2>&1 (RuntimeError)
from ./bin/gbuild:137:in `build_one_configuration'
from ./bin/gbuild:267:in `block (2 levels) in <main>'
from ./bin/gbuild:262:in `each'
from ./bin/gbuild:262:in `block in <main>'
from ./bin/gbuild:260:in `each'
from ./bin/gbuild:260:in `<main>'
```
Inside the log file `var/build.log` the entries towards the end show:
```
/bin/sh: 1: wget: not found
```

Switch ECDSA signing to generic --signing_program option

This should allow anyone to write any signing program and use it in
conjunction with gsign as long as it supports the same options/arguments
as gpg does (namely -u for the signer and an argument for the file to
sign).

Rather than uploading every checked-out file of a repository and the
repository objects themselves, skip the checkout and instruct git to compact
before upload. The result is that only a handful of files are transferred,
rather than hundreds or thousands for large repositories.
The HEAD ref is updated before upload so that a hard reset works as before on
the target. The reflog is also disabled in order to avoid uploading useless log
files.
This change is backwards-compatible, but it will only have an effect on new
repositories.
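
The compact upload described in the last commit message above, as an added shell example that is not gitian-builder's own code. The function names, the constructed sample repository and the exact git options are assumptions chosen to match the description (no checkout, compaction, HEAD pinned to the build commit, reflog disabled).

```shell
#!/bin/sh
# Added example, not gitian-builder code; names and options are assumptions.

# Build a compact copy of repository $1 at $2, pinned to commit $3.
prepare_upload() {
    src=$1 dst=$2 commit=$3
    # --no-checkout creates no working-tree files; passing the setting
    # with -c keeps clone itself from writing a reflog.
    git -c core.logAllRefUpdates=false clone --quiet --no-checkout \
        "$src" "$dst" || return 1
    # Keep the reflog disabled for every later ref update in the copy.
    git -C "$dst" config core.logAllRefUpdates false || return 1
    # Point HEAD at the commit to build, so the receiving side only
    # needs a hard reset to materialise the tree.
    git -C "$dst" update-ref --no-deref HEAD "$commit" || return 1
    # Compact loose objects into a pack before the transfer.
    git -C "$dst" gc --quiet --prune=now || return 1
}

# What the receiving side runs after the directory arrives.
materialise() {
    git -C "$1" reset --quiet --hard
}

# Number of files a recursive copy of directory $1 would transfer.
count_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Constructed sample repository: 40 small files in a single commit.
make_sample_repo() {
    repo=$1
    git init --quiet "$repo" || return 1
    i=1
    while [ "$i" -le 40 ]; do
        echo "file $i" > "$repo/src$i.txt"
        i=$((i + 1))
    done
    git -C "$repo" add . || return 1
    git -C "$repo" -c user.name=example \
        -c user.email=example@example.invalid \
        commit --quiet -m "constructed sample commit"
}
```

Comparing `count_files` on the source checkout and on the prepared copy shows the reduction; the working tree only appears once `materialise` runs on the receiving side.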