openzipkin-attic / apache-release-verification

Apache License 2.0

Improve comparison of git and release archive source trees #3

Closed abesto closed 5 years ago

abesto commented 5 years ago

(Watch out, this is on top of #2 to avoid future rebase pain, you probably only want to look at the last commit when reviewing)

The previous way allowed differences in the other direction from what we like, for example having mvnw in the source archive but NOT in the git checkout would've been fine. After staring at the output of diff --recursive for a while and contemplating how to parse it well, I decided the proper way is to move the whole logic to Python. Luckily the standard library has a module for comparing directories, so this PR takes that, and uses it to ensure we see only differences we like.

To test, I used python main.py brave-karaf 0.1.2 --gpg-key BB67A050 --git-hash 3cf4ac6577eb0d4775d20f24814e7a0852fa1635. I've removed .gitignore from allowed_left_only and Jenkinsfile from expected_top_level_git_only, which yielded a failure on the check_git_revision check with the below output:

[FAIL] git revision
Expected exactly the below files to be only in the git checkout, but not in the source release:
.git .gitignore mvnw.cmd mvnw .mvn
but instead found these:
.git .gitignore .mvn Jenkinsfile mvnw mvnw.cmd

/tmp/tmpyxm75p14/git/incubator-zipkin-brave-karaf.git/itests/.gitignore is only in the git checkout

See above for a full output of diff.

After adding them back in, the check passes:

[PASS] git revision

abesto commented 5 years ago

Meh, and this is still not quite good enough: that blacklist needs to be applied across all the source tree, not just the top level.

abesto commented 5 years ago

There, I'm feeling good about this one.
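The comparison discussed in this thread, as an added example that is not code from this PR or the project: a recursive check built on the standard library's filecmp module that reports anything found only in the release archive, anything found only in the git checkout that is not on an allow-list applied at every depth, and any common file whose bytes differ. The function names, the allow-list constant and the demo tree are assumptions made for illustration; the allow-list entries are the file names shown in the output above.

```python
import filecmp
import os
import tempfile

# Hypothetical allow-list: names that may exist only in the git checkout, at any depth.
ALLOWED_GIT_ONLY = {".git", ".gitignore", ".mvn", "mvnw", "mvnw.cmd", "Jenkinsfile"}

def unexpected_differences(git_dir, release_dir, allowed_git_only=ALLOWED_GIT_ONLY):
    """Return sorted descriptions of every difference that is not explicitly allowed."""
    problems = []

    def walk(cmp, rel):
        for name in cmp.left_only:  # left = git checkout
            if name not in allowed_git_only:
                problems.append(f"only in git: {os.path.join(rel, name)}")
        for name in cmp.right_only:  # nothing may exist only in the release
            problems.append(f"only in release: {os.path.join(rel, name)}")
        # Byte-for-byte comparison: dircmp's own diff_files trusts equal size and mtime.
        _, differ, errors = filecmp.cmpfiles(
            cmp.left, cmp.right, cmp.common_files, shallow=False)
        for name in differ + errors + cmp.common_funny:
            problems.append(f"content differs: {os.path.join(rel, name)}")
        for name, sub in cmp.subdirs.items():
            walk(sub, os.path.join(rel, name))

    # ignore=[] turns off dircmp's default ignore list, which would silently skip .git
    walk(filecmp.dircmp(git_dir, release_dir, ignore=[]), "")
    return sorted(problems)

def build_demo_trees(root):
    """Write a small constructed git checkout and release tree under root."""
    files = {
        "git/pom.xml": "<project/>", "release/pom.xml": "<project/>",
        "git/mvnw": "#!/bin/sh", "git/itests/.gitignore": "target/",
        "git/itests/Test.java": "class Test {}", "release/itests/Test.java": "class Test {}",
        "release/itests/extra.sh": "echo hi",  # release-only file, must be reported
        "git/src/A.java": "int x = 1;", "release/src/A.java": "int x = 2;",  # same size
    }
    for path, text in files.items():
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as f:
            f.write(text)
    return os.path.join(root, "git"), os.path.join(root, "release")

def demo():
    with tempfile.TemporaryDirectory() as root:
        return unexpected_differences(*build_demo_trees(root))

if __name__ == "__main__":
    print("\n".join(demo()))
```

The two versions of src/A.java in the demo have the same size, which is the case a size-and-mtime comparison can miss when timestamps also match.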