Improve steps for creating gradle dependencies lists for projects
The steps we have for creating lists of gradle dependencies are still not bullet proof. I stumbled across a case where a download got attempted but then a redirect happened which included a different URL and which finally failed. Our current instructions don't cope with that case (and probably other corner cases neither).
I've thinking about that and feel we can do better if we mimmick gradle's behavior more:
- We keep the first step we currently have (extracting all the attempted downloads)
- We actually try to download all those resources ourselves and compute their sha256 sum.
- Download failures are easily removable (no sha256 sum is created in that case) and we just remove the successful duplicates.