Changed composer installer script in the CI PHP example doc

The script will check some php.ini settings warn you if they
are set incorrectly, and then download the latest composer.phar
in the current directory. These lines will, in order:

- Download the installer SHA-384 to the current directory
- Download the installer to the current directory
- Verify the installer SHA-384 which you can also cross-check https://composer.github.io/pubkeys.html
- Run the installer
- Remove the installer & the installer SHA-384
Signed-off-by: Rémy Coutable <remy@rymai.me>

changelogs/unreleased/improve-ci-example-php-doc.yml

+---
+title: Changed composer installer script in the CI PHP example doc
+merge_request: 4342
+author: Jeffrey Cafferata

doc/ci/examples/php.md

@@ -235,7 +235,11 @@ cache:
 
 before_script:
 # Install composer dependencies
-- curl --silent --show-error https://getcomposer.org/installer | php
+- wget https://composer.github.io/installer.sig -O - -q | tr -d '\n' > installer.sig
+- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+- php -r "if (hash_file('SHA384', 'composer-setup.php') === file_get_contents('installer.sig')) { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
+- php composer-setup.php
+- php -r "unlink('composer-setup.php'); unlink('installer.sig');"
 - php composer.phar install
 
 ...