[FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls.

The actual fix is made in 040b7d40
through winp.

This version checks the critical flag of the process, as killing such a
process results in BSoD.

Integrated the fix in remoting to Jenkins 1.580.

Ubuntu (at least as of 12.04) has the default umask 022, which made some
users nervous. Quoting its /etc/login.defs below, which explains its
historical origin:

  UMASK is the default umask value for pam_umask and is used by
  useradd and newusers to set the mode of the new home directories.
  022 is the "historical" value in Debian for UMASK
  027, or even 077, could be considered better for privacy
  There is no One True Answer here : each sysadmin must make up his/her
  mind.

It does seem to me that a bit more restrictive default is sensible,
so this change introduces /etc/default/jenkins parameter that sets the
default umask to 027 to prevent "others" from seeing files.

Not that keys and other sensitive files are protected anyway, so it is
not the case that the privacy of Jenkins data files have been vulnerable
prior to this change.

[FIXED JENKINS-23522] Defend against stack overflows when a listener (unnecessarily) called super from a deprecated method.
Fixes #1295 a little differently.

Adapted from #1375 by @daniel-beck: omitting change to User construction, and adding test.
(cherry picked from commit 088edabb)

Conflicts:
	changelog.html

Adapted from #1375 by @daniel-beck: omitting change to User construction, and adding test.

[FIXED JENKINS-24358] RunSaveableReference.get can acquire locks, so avoid calling it while holding a lock on ourselves.

Added no-store to the Cache-Contorl header

Reference: http://stackoverflow.com/questions/866822/why-both-no-cache-and-no-store-should-be-used-in-http-response
Reference: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2