Implement Tier-3 whitelist

[jemrobinson]

Following on from #312, we need to implement a whitelisted set of package mirrors. Initially this will be

• a single set of internal/external mirrors with a given whitelist
• part of the Safe Haven Managment production subscription
• added to the documentation on how to deploy a DSG group

[jemrobinson]

OK. That's a nice, large list of packages, but it definitely includes some non-packages. Examples include:

• CFFI_DEPENDENCY
• DISABLED
• Deprecated
• Theserequirementfilesareusedby
• Thisdirectorycontainspythonpackagerequirementsforbehave

Maybe running this list through pip search or similar could help identify which are really packages? Alternatively, you can always use conda search <package> --info to get all direct dependencies of all versions of the package on conda (not necessarily the same as all versions available through pip).