WrenSecurity / wrenam

Community fork of OpenAM, an authentication and authorization system originally developed by ForgeRock.

Verify (and possibly mirror) PhantomJS download #28

Open siepkes opened 6 years ago

siepkes commented 6 years ago

Somewhat related to #26. openam-ui-ria also manually pulls in PhantomJS with the frontend-maven-plugin plugin. Need to look into how we can verify this download and possibly mirror it.

To mirror it I already looked into https://jfrog.com/knowledge-base/how-to-install-phantomjs-prebuilt/ which talks about using a generic mirror. I glanced over the settings in the Maven plugin but can't really see how to pin the version of PhantomJS it wants to download. Therefore it would be easier if we could use a generic remote repo, since that automatically mirrors the remote site. The bug which the knowledge base article references is closed. However, a quick test didn't work for me.

pavelhoral commented 1 year ago

We have switched from deprecated PhantomJS to Puppeteer.

Puppeteer is by default downloading browsers on demand and it is not verifying anything. The whole trust chain depends on the trusted remote sources. However, Puppeteer can be configured to use preinstalled browsers - this is what we are doing in the Dockerfile, although the reason there is to have aarch64 support.

Not sure if we need this issue open here or if we should rather address this in the wrensec-ui project as this is not AM specific.