fix incorrect lazy initialization of the list of HTTPS pins

findbugs tells us:

Incorrect lazy initialization and update of static field org.fdroid.fdroid.
FDroidCertPins.PINLIST in org.fdroid.fdroid.FDroidCertPins.getPinList().
This method contains an unsynchronized lazy initialization of a static
field. After the field is set, the object stored into that location is
further updated or accessed. The setting of the field is visible to other
threads as soon as it is set. If the futher accesses in the method that set
the field serve to initialize the object, then you have a very serious
multithreading bug, unless something else prevents any other thread from
accessing the stored object until it is fully initialized.

Even if you feel confident that the method is never called by multiple
threads, it might be better to not set the static field until the value you
are setting it to is fully populated/initialized.

src/org/fdroid/fdroid/FDroidCertPins.java

@@ -36,8 +36,9 @@ public class FDroidCertPins {
 
     public static String[] getPinList() {
         if (PINLIST == null) {
-            PINLIST = new ArrayList<String>();
-            PINLIST.addAll(Arrays.asList(DEFAULT_PINS));
+            ArrayList<String> pinlist = new ArrayList<String>();
+            pinlist.addAll(Arrays.asList(DEFAULT_PINS));
+            PINLIST = pinlist;
         }
 
         return PINLIST.toArray(new String[PINLIST.size()]);