Let users configure security headers in their Webserver

Jenkins #14650

use `dbtableprefix` for temp table and index names

Read from IRequest instead of reading twice

Add a repair step to delete old tables

proper description of appcodechecker in config sample

[Master] Remove hacky Substring support for MSSQL

fix for loading spinner reappearing after errors in db-connection

Remove "Download from URL" feature

Allow configuring background job mode from the console

Fixes https://github.com/owncloud/core/issues/13326

Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.

Maintenance mode message might be misleading

Disable the cache updater when doing the encryption migration

Cleanup config.sample.php

Don't swallow errors in console.php

fix files external test run and add common-tests option

Add detection for invalid CLI configuration for settings page

Shares should have a least read permission

* Throw 400 when a share is created or updated without read permissions
* Added unit tests

Show time difference of last cron run instead of absolute time

Disable some server checks when running on HHVM