Remove dependencies from libraries under category X licenses. #3718

Merged
merged 1 commit into from
Jan 31, 2019


snleee
Contributor

@snleee snleee commented Jan 18, 2019

For an ASF project, its distribution should not contain any work under a
category X license. After running "mvn project-info-reports:dependencies",
three libraries in our distribution package are under category X licenses.
This PR resolves this issue.

  1. Removed the "pinot-perf" module from the distribution package because the
    pinot-perf module is pulling "jmh-core" based on the GPL 2 license, which is category X.
  2. Bumped up the version of org.testng from 6.0.1 to 6.11 because the old
    version was pulling in "org.beanshell:bsh:2.0b4", which is also based on
    the LGPL license. The newer version no longer pulls beanshell.
  3. Bumped up the swagger version from 1.5.10 to 1.5.15. The old version was
    pulling "org.reflections:reflections:0.9.10", which pulls
    "com.google.code.findbugs:annotations", which was based on LGPL.

For the list of category X licenses, please refer to
https://www.apache.org/legal/resolved.html
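
The transitive chains this PR describes (testng pulling bsh, swagger pulling reflections pulling findbugs annotations) can be surfaced mechanically. The following is an added example, not part of the PR or the Pinot code base: it assumes the text output of `mvn dependency:tree` rather than the report goal named above, and the sample tree, the `org.example:dist` root, the `io.swagger:swagger-jaxrs` artifact name and every version not quoted in the PR are constructed.

```python
import re

# Deny list built from the artifacts named in this PR (group:artifact -> license).
DENIED = {
    "org.openjdk.jmh:jmh-core": "GPL 2",
    "org.beanshell:bsh": "LGPL",
    "com.google.code.findbugs:annotations": "LGPL",
}

# Constructed sample in the text format printed by `mvn dependency:tree`.
SAMPLE_TREE = r"""
[INFO] org.example:dist:jar:0.1.0
[INFO] +- org.testng:testng:jar:6.0.1:compile
[INFO] |  +- junit:junit:jar:3.8.1:compile
[INFO] |  \- org.beanshell:bsh:jar:2.0b4:compile
[INFO] +- io.swagger:swagger-jaxrs:jar:1.5.10:compile
[INFO] |  \- org.reflections:reflections:jar:0.9.10:compile
[INFO] |     +- com.google.guava:guava:jar:18.0:compile
[INFO] |     \- com.google.code.findbugs:annotations:jar:2.0.1:compile
[INFO] \- commons-io:commons-io:jar:2.4:compile
"""

# Each ancestor level is a 3-character column ("|  " or "   "),
# followed by "+- " or "\- " and the artifact coordinates.
NODE = re.compile(r"^\[INFO\] ((?:[| ] {2})*)[+\\]- (\S+)$")


def find_denied_paths(tree_text, denied=DENIED):
    """Return (path, license) for each denied artifact; path is the chain of
    group:artifact:version entries from the direct dependency downwards."""
    hits, stack = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # root line, blank lines, unrelated Maven log output
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        if len(parts) < 5:
            continue  # not group:artifact:type[:classifier]:version:scope
        ga, version = f"{parts[0]}:{parts[1]}", parts[-2]
        del stack[depth:]  # drop siblings and deeper nodes from the path
        stack.append(f"{ga}:{version}")
        if ga in denied:
            hits.append((list(stack), denied[ga]))
    return hits
```

Reporting the whole path rather than only the offending artifact shows which direct dependency has to be bumped or excluded, which is how items 2 and 3 of the PR were resolved.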

@snleee snleee force-pushed the dependency-cleanup branch from 37dc74a to cff0bd4 Compare January 18, 2019 10:24
snleee pushed a commit that referenced this pull request Jan 18, 2019
Followed Apache Spark's approach for handling LICENSE, NOTICE.
apache/spark@f825847

- Checked licenses for all libraries that we bundle
- Checked licenses for all js/css files that we bundle
- Removed dependencies of category X libraries (#3718)
@felixcheung
Member

Is there a replacement for the "pinot-perf" module?

@snleee
Contributor Author

snleee commented Jan 20, 2019

@felixcheung The pinot-perf module includes some benchmarking code that is mainly used for measuring performance (e.g. dictionary, index reader, query engine, etc.). Given that this is mainly for testing, I don't think that we need to include this in the distribution package.

@felixcheung
Member

felixcheung commented Jan 20, 2019

@snleee Sure - keep in mind that an ASF release is primarily a source code release. Sounds like pinot-perf (source code) is still there, and so long as it doesn't contain source code in a different license.

It will help to have a README in the source to point out that the pinot-perf module is pulling "jmh-core" based on the GPL 2 license, and instructions to build pinot-perf.

@snleee snleee force-pushed the dependency-cleanup branch 5 times, most recently from f407cc9 to 7f5d1cf Compare January 31, 2019 08:12
snleee pushed a commit that referenced this pull request Jan 31, 2019
* Update LICENSE and NOTICE files

Followed Apache Spark's approach for handling LICENSE, NOTICE.
apache/spark@f825847

- Checked licenses for all libraries that we bundle
- Checked licenses for all js/css files that we bundle
- Removed dependencies of category X libraries (#3718)

* Add LICENSE-binary, NOTICE-binary to differentiate source code and binary release
@codecov-io

codecov-io commented Jan 31, 2019

Codecov Report

Merging #3718 into master will increase coverage by 0.28%.
The diff coverage is n/a.


@@             Coverage Diff              @@
##             master    #3718      +/-   ##
============================================
+ Coverage     67.01%   67.29%   +0.28%     
  Complexity        4        4              
============================================
  Files          1027     1027              
  Lines         50798    50796       -2     
  Branches       7091     7091              
============================================
+ Hits          34041    34182     +141     
+ Misses        14423    14284     -139     
+ Partials       2334     2330       -4

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| ...elix/core/relocation/RealtimeSegmentRelocator.java | 74.48% <0%> (-7.15%) | 0% <0%> (ø) |
| .../apache/pinot/common/config/RealtimeTagConfig.java | 93.33% <0%> (-6.67%) | 0% <0%> (ø) |
| ...e/operator/dociditerators/BitmapDocIdIterator.java | 60.71% <0%> (-3.58%) | 0% <0%> (ø) |
| ...e/operator/dociditerators/MVScanDocIdIterator.java | 60.6% <0%> (-3.04%) | 0% <0%> (ø) |
| .../core/indexsegment/mutable/MutableSegmentImpl.java | 68.59% <0%> (-0.09%) | 0% <0%> (ø) |
| ...pinot/core/plan/maker/InstancePlanMakerImplV2.java | 95.71% <0%> (-0.07%) | 0% <0%> (ø) |
| ...ntroller/helix/core/PinotHelixResourceManager.java | 60.16% <0%> (+0.1%) | 0% <0%> (ø) ⬇️ |
| .../broker/routing/HelixExternalViewBasedRouting.java | 89.06% <0%> (+0.32%) | 0% <0%> (ø) ⬇️ |
| ...regation/function/customobject/QuantileDigest.java | 58.18% <0%> (+0.44%) | 0% <0%> (ø) ⬇️ |
| ...ot/common/protocols/SegmentCompletionProtocol.java | 94.15% <0%> (+0.58%) | 0% <0%> (ø) ⬇️ |
| ... and 25 more | | |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 26f2aad...7a96b5c. Read the comment docs.

@snleee
Contributor Author

snleee commented Jan 31, 2019

@felixcheung As you mentioned, pinot-perf will still be included in the source code distribution while it won't be a part of the binary distribution. I have added documentation on how to build & run the pinot-perf module from the source code and added a note that this module will pull jmh, which is under the GPL 2 license.

For an ASF project, its distribution should not contain any work under a
category X license. After running "mvn project-info-reports:dependencies",
three libraries in our distribution package are under category X licenses.
This PR resolves this issue.

1. Removed the "pinot-perf" module from the distribution package because the
   pinot-perf module is pulling "jmh-core" based on the GPL 2 license, which is category X.
2. Fixed the pom file to generate *.sh files for benchmarks in "pinot-perf" and
   added documentation on how to build and run.
3. Bumped up the version of org.testng from 6.0.1 to 6.11 because the old
   version was pulling in "org.beanshell:bsh:2.0b4", which is also based on
   the LGPL license. The newer version no longer pulls beanshell.
4. Bumped up the swagger version from 1.5.10 to 1.5.16. The old version was
   pulling "org.reflections:reflections:0.9.10", which pulls
   "com.google.code.findbugs:annotations", which was based on LGPL.

For the list of category X licenses, please refer to
https://www.apache.org/legal/resolved.html
@snleee snleee force-pushed the dependency-cleanup branch from 7f5d1cf to 7a96b5c Compare January 31, 2019 21:46
@snleee snleee merged commit 7e28022 into master Jan 31, 2019
@snleee snleee deleted the dependency-cleanup branch January 31, 2019 22:43