Some IDEs download additional artifacts that a plain command-line
Gradle build won't use, which means Gradle won't automatically manage
them in verification-metadata.xml either. Compromise by only strictly
checking dependencies at certain boundaries, rather than on every
build action.
Gradle's "build" action includes running tests; it's "assemble" that
doesn't. So we've been redundantly asking to run tests for a while,
and that currently does extra work due to the testing-fns variant
builds of the Android libraries. Just remove it.
And adjust the existing ENCLAVE_SECRET tests and examples to use this
(including Rust and Node's).
This also requires adding an AndroidManifest.xml that notes the tests
might use the network.
-i (interactive) and -t (allocate a tty) allow the shell running
inside Docker to handle Ctrl-C (^C) and other shell commands, so you
can stop a command in the interactive process you ran it. However,
they only work if the containing shell (the one where you ran `docker
run`) is also interactive with a tty hooked up, so we test for that
first in both scripts that invoke `docker run`, using `test -t`.
--init passes signals from *outside* Docker down to its subprocesses,
so that cancellation from *another* context works for our Docker
images. This includes the Cancel button in GitHub Actions.
