RFR: 8367049: URL.openConnection throws StringIndexOutOfBoundsException in avm mode [v2]

[Oumaiyma Intissar]

> Constructing URLPermission with an empty/missing host in the authority (e.g., `"http:///path"`) could throw `StringIndexOutOfBoundsException`.
> 
> **Problem**
> Empty or malformed authorities reach HostPortrange, which does `charAt(0)` without checking, causing `StringIndexOutOfBoundsException`.
> 
> **Fix**
> - `URLPermission.Authority`: after stripping userinfo, fail fast if host part is empty.
> - `HostPortrange`: add guards for null/empty input and leading ':' (port without host).
> - No `HttpURLConnection` changes needed in JDK 26 (the `SecurityManager` permission path is gone).
> 
> **Compatibility**
> Only affects malformed inputs: previously `StringIndexOutOfBoundsException`, now `IllegalArgumentException`. Valid inputs unaffected.
> 
> **Testing**
> New jtreg test: `test/jdk/java/net/URLPermission/EmptyAuthorityTest.java` verifies `IllegalArgumentException` for malformed authorities and success for valid ones.

Oumaiyma Intissar has updated the pull request incrementally with one additional commit since the last revision:

  Fix missing newline at end of EmptyAuthorityTest.java
  
  Add missing newline at the end of the file.

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/27896/files
  - new: https://git.openjdk.org/jdk/pull/27896/files/1d28e6fd..a4089913

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=00-01

  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/27896.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27896/head:pull/27896

PR: https://git.openjdk.org/jdk/pull/27896