lfaino / LoReAn

Long Reads Annotation pipeline
MIT License

Dockerfile should version pin third party software and retrieve them from upstream instead of using COPY #21

Closed eburgueno closed 4 years ago

eburgueno commented 5 years ago

As discussed in https://github.com/lfaino/LoReAn/issues/19#issuecomment-496382313:

  1. Using COPY is the wrong way to achieve this. I can't know if the file you copied came from a reputable origin or if you're including malware. The way to ensure that the versions of the software don't change is to download them from inside the Dockerfile directly, pointing to a URL that gets the version you want (i.e., wget https://path/to/some/software/version-1.1.tgz; tar -xzf version-1.1.tgz; etc.).
  2. In your Dockerfile you are using git to clone some external repositories, but you're not specifying which version/release/commit/point in time in the repo to use. If new features are added or existing features change in those git repositories, the next time you build the image you may end up with a version that introduces breaking changes. There are two ways to work around this problem:
     1. Use the URLs provided by the "Releases" tab in GitHub, which tag specific versions, if available.
     2. After git clone, use git checkout and specify the exact hash for the commit ID that provides the version you want to use.
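A Dockerfile fragment illustrating both points of the comment above, added here as an example and not taken from the LoReAn repository: the unpinned COPY and git clone patterns are shown commented out for contrast, followed by the pinned download with a checksum check and the clone pinned to a commit. The tool names, URLs, version, checksum and commit hash are placeholders, not real values.

```dockerfile
FROM ubuntu:20.04

# --- Pattern the comment objects to (kept only for contrast, do not use) ---
# COPY ships an opaque tarball from the build context: nobody reading the
# Dockerfile can tell where it came from or whether it was altered.
# COPY sometool-1.1.tgz /opt/
# An unpinned clone follows the default branch, so every rebuild may pull
# different code.
# RUN git clone https://example.org/othertool.git /opt/othertool

# --- Pinned alternative ---
# Version, checksum and commit are build arguments with PLACEHOLDER defaults;
# replace them with the values of the release you actually reviewed.
ARG SOMETOOL_VERSION=1.1
ARG SOMETOOL_SHA256=0000000000000000000000000000000000000000000000000000000000000000
ARG OTHERTOOL_COMMIT=0000000000000000000000000000000000000000

RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates wget git \
 && rm -rf /var/lib/apt/lists/*

# 1. Fetch the release tarball from upstream by a version-specific URL, then
#    refuse to continue unless its SHA-256 matches the value recorded here.
#    A changed or replaced tarball fails the build instead of silently
#    entering the image.
RUN wget -q -O /tmp/sometool.tgz \
        "https://example.org/sometool/releases/sometool-${SOMETOOL_VERSION}.tgz" \
 && echo "${SOMETOOL_SHA256}  /tmp/sometool.tgz" | sha256sum -c - \
 && mkdir -p /opt/sometool \
 && tar -xzf /tmp/sometool.tgz -C /opt/sometool --strip-components=1 \
 && rm /tmp/sometool.tgz

# 2. Clone, then check out the exact commit. The final test guards against
#    an abbreviated or mistyped hash resolving to something other than the
#    full commit id recorded above.
RUN git clone https://example.org/othertool.git /opt/othertool \
 && git -C /opt/othertool checkout --quiet "${OTHERTOOL_COMMIT}" \
 && test "$(git -C /opt/othertool rev-parse HEAD)" = "${OTHERTOOL_COMMIT}"
```

With the placeholder defaults the checksum and commit checks fail by design; the build only succeeds once real, reviewed values are supplied.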
lfaino commented 5 years ago

@eburgueno I did change the Dockerfile and I think that now it is better. Can you give me an opinion?

Cheers Luigi