Avoid using globs and wildcards on the staging directory multiple times
during the execution. Previously this lead to data races and
inconsistencies which also allowed to bypass checks due to the nature of
this TOCTOU problem.

Now as first step we collect all files of this transaction into an
associative array and only operate on this snapshot, avoiding any side
effects if further packages are uploaded during execution. On top all
checks are done before anything is released.

Release operations and state repo changes are collected into actions
before execution, which also avoids unnecessary NOP actions.

Additionally, execute checks in different batches, reducing the window
where the repository needs to be locked, which subsequently will block
release processes for a shorter period of time during large rebuilds.

Fixes #22
Fixes #35
Fixes #42

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>