Add a 'retry' option which allows to configure how many
retries pip should make before giving up on HTTP request.
When the retries count is specified by user, its value is
passed to HTTPAdapter from requests which handles all
the underlying operations.
* PEP381 Mirroring support was never fully implemented leaving
users of it trivially exploitable to a MITM or malicious mirror
operator.
* 2 out of 6 of the mirrors have been removed from the pool and
will never resolve.
* The remaining mirrors often fall behind
* The mirrors will likely never be available under HTTPS
* People who wish to use a mirror of PyPI can still do so by
manually specifying a mirror url for --index-url or
--extra-index-url which is more flexible, allowing for
mirrors to be hosted under any domain.
* Links and HTMLPages know if they are "trusted"
* File Links know if they are safe or not
* A "Safe" file Link comes from a trusted Link/HTMLPage and has
a hash allowing verification of the download
* Adds a --allow-unsafe PACKAGE argument to allow unsafe files on
a per package basis
* Optimizes scraping external sites by short circuiting if
the current trust rules won't allow using it's files anyways
* By default ignore external links
* Add the ``--allow-external`` flag that enables external links
globally
* Fallback to allowing all links if we cannot determine the
API version of the parsed page
* Inform the user of ``--allow-external`` if nothing was found
to install
