RFR: 8264859: Implement Context-Specific Deserialization Filters [v8]

Roger Riggs rriggs at openjdk.java.net
Tue May 25 15:46:37 UTC 2021


> JEP 415: Context-specific Deserialization Filters extends the deserialization filtering mechanisms with more flexible and customizable protections against malicious deserialization.  See JEP 415: https://openjdk.java.net/jeps/415.
> The `java.io.ObjectInputFilter` and `java.io.ObjectInputStream` classes are extended with additional
> configuration mechanisms and filter utilities.
> 
> javadoc for `ObjectInputFilter`, `ObjectInputFilter.Config`, and `ObjectInputStream`:
>     http://cr.openjdk.java.net/~rriggs/filter-factory/java.base/java/io/ObjectInputFilter.html

Roger Riggs has updated the pull request incrementally with two additional commits since the last revision:

 - Moved utility filter methods to be static on ObjectInputFilter
   Rearranged the class javadoc of OIF to describe the parts of
   deserialization filtering, filters, composite filters, and the filter factory.
   And other review comment updates...
 - Refactored tests for utility functions to SerialFilterFunctionTest.java
   Deleted confused Config.allowMaxLimits() method
   Updated example to match move of methods to Config
   Added test of restriction on setting the filterfactory after an OIS has been created
   Additional Editorial updates

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/3996/files
  - new: https://git.openjdk.java.net/jdk/pull/3996/files/141bf720..9573ae11

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3996&range=07
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3996&range=06-07

  Stats: 1040 lines in 7 files changed: 533 ins; 397 del; 110 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3996.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3996/head:pull/3996

PR: https://git.openjdk.java.net/jdk/pull/3996

