RFR: 8367049: URLPermission.<init> throws StringIndexOutOfBoundsException in avm mode [v7]
Oumaiyma Intissar
duke at openjdk.org
Fri Nov 21 13:05:03 UTC 2025
> Constructing URLPermission with an empty/missing host in the authority (e.g., `"http:///path"`) could throw `StringIndexOutOfBoundsException`.
>
> **Problem**
> Empty or malformed authorities reach HostPortrange, which does `charAt(0)` without checking, causing `StringIndexOutOfBoundsException`.
>
> **Fix**
> - `URLPermission.Authority`: after stripping userinfo, fail fast if host part is empty.
> - `HostPortrange`: add guards for null/empty input and leading ':' (port without host).
> - No `HttpURLConnection` changes needed in JDK 26 (the `SecurityManager` permission path is gone).
>
> **Compatibility**
> Only affects malformed inputs: previously `StringIndexOutOfBoundsException`, now `IllegalArgumentException`. Valid inputs unaffected.
>
> **Testing**
> New jtreg test: `test/jdk/java/net/URLPermission/EmptyAuthorityTest.java` verifies `IllegalArgumentException` for malformed authorities and success for valid ones.
Oumaiyma Intissar has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains two additional commits since the last revision:
- Merge branch 'openjdk:master' into 8367049
- 8367049: URLPermission.<init> throws StringIndexOutOfBoundsException in avm mode
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/27896/files
- new: https://git.openjdk.org/jdk/pull/27896/files/d154b1db..543f2379
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=06
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=27896&range=05-06
Stats: 335412 lines in 3196 files changed: 215606 ins; 75843 del; 43963 mod
Patch: https://git.openjdk.org/jdk/pull/27896.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/27896/head:pull/27896
PR: https://git.openjdk.org/jdk/pull/27896
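
An added example, not part of the pull request or the JDK sources: a caller-side pre-check that applies the guards listed in the description above (strip userinfo, reject an empty host, reject a port without a host) before constructing a `URLPermission`. The class `EmptyAuthorityDemo`, the helpers `checkAuthority` and `authorityOf`, and the sample URLs are hypothetical and constructed for illustration.

```java
import java.net.URLPermission;
import java.util.List;

// Added illustration; not the JDK's HostPortrange or URLPermission.Authority code.
public class EmptyAuthorityDemo {

    // Hypothetical guard: fail with IllegalArgumentException instead of
    // letting an empty host reach code that indexes into the string.
    static void checkAuthority(String authority) {
        if (authority == null || authority.isEmpty()) {
            throw new IllegalArgumentException("empty authority");
        }
        // Strip userinfo ("user:pw@host") before looking at the host part.
        int at = authority.lastIndexOf('@');
        String hostPort = at >= 0 ? authority.substring(at + 1) : authority;
        if (hostPort.isEmpty()) {
            throw new IllegalArgumentException("empty host after userinfo");
        }
        if (hostPort.charAt(0) == ':') {   // safe: hostPort is non-empty here
            throw new IllegalArgumentException("port without host");
        }
    }

    // Simplified extraction of the authority from "scheme://authority/path".
    static String authorityOf(String url) {
        int start = url.indexOf("://");
        if (start < 0) {
            throw new IllegalArgumentException("no authority in: " + url);
        }
        int end = url.indexOf('/', start + 3);
        return end < 0 ? url.substring(start + 3) : url.substring(start + 3, end);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid URL, three malformed authorities.
        List<String> urls = List.of("http://example.com/path", "http:///path",
                                    "http://user@/path", "http://:8080/path");
        for (String url : urls) {
            try {
                checkAuthority(authorityOf(url));
                new URLPermission(url);   // only reached for a non-empty host
                System.out.println("accepted: " + url);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + url + " (" + e.getMessage() + ")");
            }
        }
    }
}
```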