[pillow] Pillow build improvements

[wiredfool]

This depends on python-pillow/Pillow#5189, which sets the zipsafe flag to false in setup.py. Merged

There are several things going on here, and I'm willing to split them into issue specific changes if required. (btw, I'm an owner of pillow)

• make install-req is only for development dependencies -- test runners and doc builders. It's not required here.
• Test using the library versions built for binary distribution, built with the same scripts as for releases. Out of the box, oss-fuzz installs libraries from ubuntu 16.04, and we're using the latest patch releases of the upstream sources for these dependencies. The distribution manylinux wheels are built on centos, so there's a bit of tweaking to make them build here. (e.g., linking yum to /bin/true, while preinstalling the dependencies). Note here that the libraries are downloaded and built at the build_image stage, not the build_fuzzer stage.
• Don't install in develop mode, build in /tmp, install into site-packages. This minimizes the impact on the source tree when running a custom version.
• Link was missing libwebpdemux.

[jonathanmetzman]

This need to be copyright "Google LLC"
(if you don't want to do this, I suggest putting the file outside of the OSS-Fuzz repo and pulling it in)

[jonathanmetzman]

nit: also 2021

[wiredfool]

I don't really care, it's not that big of a script, but it might wind up elsewhere.

However,

• The tests asks for a license block, they do not state what license.
• The contributing.md doesn't mention this, and specifically says:

  The CLA is necessary mainly because you own the copyright to your changes,

[inferno-chromium]

Can you use this license header. We can improve CONTRIBUTING.md later to mention this, any patches welcome to add it to that documentation

# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing perepo_managerissions and
# limitations under the License.

[wiredfool]

perepo_managerissions?

IANAL, but ... That doesn't look right.

I'm not even sure what autocorrect was on when it did that.

[inferno-chromium]

Here is corrected one

# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.