new subcommand: pull_verify to only pull the binary package

Hans-Christoph Steinerrequested to merge
eighthave/fdroidserver:buildbot-subcommands-pull_verify into master

fdroid pull for production builds pulls all of the files needed to publish, including the src.tar.gz and in the future, perhaps also the extracted icons. For reproducible builds verification, only the built package is needed, and the rest may not even be produced. pull_verify is for this case.

This is based on !1714 (merged) so it has a commit from it.

Merge request reports