See, for example, https://github.com/moby/moby/issues/18017; ARG may
invalidate following `RUN` statements because it implicitly alters the
build context.

Also, use
* apt.local.conf
* ubuntu-16.04.sources.list

Fix #64

- add org.label-schema LABELs for version, build-date, vcs-url

- use latest 8.0 tomcat version (=8.0.53)
- build and install Apache Tomcat Native Library
- use mirror://mirros.ubuntu.com URL schema in apt.sources to speed up
  downloads
- add org.label-schema LABELs for version, build-date, vcs-url
- reduce multiple apt-get update/install invocations

In certain situations, for example, when checking the "Other versions"
dropdown menu a request (possibly after a redirect) is made to
`port:8443`. Of course, this results in an error (because the
clarin-dspace is behind a reverse proxy).
```
OPTIONS https://clarin.eurac.edu:8443/repository/rest/handle/20.500.12124/6/refbox net::ERR_CONNECTION_TIMED_OUT
```

Here, we make sure tomcat will only redirect to `port:443` which is the
port the reverse proxy serves.

So far, we have used TLS certs from eurac's IT. Now, we (re-)use k8s
infrastructure (in particular the kube-lego add-on) and let kube-lego
- request/renew TLS certificates
- manage the certificate within a k8s secret
We then make this k8s secret available to our nginx and configure nginx
to use it.

We also got rid of internal TLS communication between ingress and the
apps avoiding the necessity to (re-)create valid/self-signed certs. The
overhead seemed unnecessary.

Note: using HTTP(!) over port 443 for internal communication (Shibboleth mishap)

Fix #62