Add IAST Security Control tests for java springboot

[jandro996]

Motivation

Add Iast security controls system tests for Milestone 0 (RFC)

Changes

New test_security_controls.py that covers all the RFC test cases

DD_IAST_SECURITY_CONTROLS_CONFIGURATION variable will differ for each tracer, as it represents the configuration of the security controls. For instance, in Java, a possible value could be:

INPUT_VALIDATOR:COMMAND_INJECTION:bar.foo.CustomInputValidator:validate,

whereas for Node.js it might be:

INPUT_VALIDATOR:COMMAND_INJECTION:bar/foo/custom_input_validator.js:validate.

Workflow

1. ⚠️ Create your PR as draft ⚠️
2. Work on you PR until the CI passes (if something not related to your task is failing, you can ignore it)
3. Mark it as ready for review
   • Test logic is modified? -> Get a review from RFC owner. We're working on refining the codeowners file quickly.
   • Framework is modified, or non obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

• If PR title starts with [<language>], double-check that only <language> is impacted by the change
• No system-tests internal is modified. Otherwise, I have the approval from R&P team
• CI is green, or failing jobs are not related to this change (and you are 100% sure about this statement)
• A docker base image is modified?
  • the relevant build-XXX-image label is present
• A scenario is added (or removed)?
  • Get a review from R&P team

[jandro996]

@cbeauchesne any ideas related with the DD_IAST_SECURITY_CONTROLS_CONFIGURATION configurable for different tracers?