
Add IAST Security Control tests for java springboot #3576

Draft: wants to merge 10 commits into base: main

Conversation

jandro996 (Member)

Motivation

Add IAST security controls system tests for Milestone 0 (RFC)

Changes

  • New test_security_controls.py that covers all the RFC test cases
  • Only covers the Java Spring Boot weblog variant

As it is currently implemented, the new scenario IAST_SECURITY_CONTROLS will only work for Java since these tests have the particularity that the DD_IAST_SECURITY_CONTROLS_CONFIGURATION variable will differ for each tracer, as it represents the configuration of the security controls. For instance, in Java, a possible value could be:

INPUT_VALIDATOR:COMMAND_INJECTION:bar.foo.CustomInputValidator:validate,

whereas for Node.js it might be:

INPUT_VALIDATOR:COMMAND_INJECTION:bar/foo/custom_input_validator.js:validate.

Therefore, this is something that would need to be adjusted when other languages implement these tests, or alternatively, this PR could be modified to prepare it to support configurations based on the specific language.

Workflow

  1. ⚠️ Create your PR as draft ⚠️
  2. Work on your PR until the CI passes (if something not related to your task is failing, you can ignore it)
  3. Mark it as ready for review
    • Test logic is modified? -> Get a review from RFC owner. We're working on refining the codeowners file quickly.
    • Framework is modified, or non-obvious usage of it -> get a review from R&P team

🚀 Once your PR is reviewed, you can merge it!

🛟 #apm-shared-testing 🛟

Reviewer checklist

  • If PR title starts with [<language>], double-check that only <language> is impacted by the change
  • No system-tests internal is modified. Otherwise, I have the approval from R&P team
  • CI is green, or failing jobs are not related to this change (and you are 100% sure about this statement)
  • A docker base image is modified?
    • the relevant build-XXX-image label is present
  • A scenario is added (or removed)?
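The language-specific DD_IAST_SECURITY_CONTROLS_CONFIGURATION values discussed in the description above, worked through as an added example (not code from this PR or from system-tests): one language-neutral control description is rendered into the Java and Node.js forms quoted above and parsed back with a field-count check. The SecurityControl class, the snake_case file naming for Node.js and the comma as entry separator are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed example: a language-neutral description of one security control,
# rendered into the per-tracer DD_IAST_SECURITY_CONTROLS_CONFIGURATION value.
# The CONTROL:VULNERABILITY:LOCATION:METHOD layout follows the two values quoted
# in the PR; using a comma to separate multiple entries is an assumption.
FIELD_COUNT = 4

@dataclass(frozen=True)
class SecurityControl:
    control_type: str   # e.g. INPUT_VALIDATOR
    vulnerability: str  # e.g. COMMAND_INJECTION
    package: tuple      # e.g. ("bar", "foo")
    class_name: str     # e.g. CustomInputValidator
    method: str         # e.g. validate

def _snake_case(name: str) -> str:
    """CustomInputValidator -> custom_input_validator (assumed Node.js file naming)."""
    return re.sub(r"(?<!^)(?=[A-Z])", "_", name).lower()

def location_for(control: SecurityControl, language: str) -> str:
    """Render the LOCATION field the way each tracer expects it."""
    if language == "java":
        return ".".join(control.package + (control.class_name,))
    if language == "nodejs":
        return "/".join(control.package + (_snake_case(control.class_name) + ".js",))
    raise ValueError(f"no security-controls location format defined for {language!r}")

def render_config(controls, language: str) -> str:
    """Build the full env var value: one entry per control, comma separated."""
    return ",".join(
        f"{c.control_type}:{c.vulnerability}:{location_for(c, language)}:{c.method}"
        for c in controls
    )

def parse_config(value: str):
    """Split the env var back into (control, vulnerability, location, method)
    tuples, rejecting any entry that does not have exactly FIELD_COUNT fields."""
    entries = []
    for raw in value.split(","):
        fields = raw.strip().split(":")
        if len(fields) != FIELD_COUNT or not all(fields):
            raise ValueError(f"malformed security control entry: {raw!r}")
        entries.append(tuple(fields))
    return entries
```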

@jandro996 (Member Author)

@cbeauchesne any ideas related to making the DD_IAST_SECURITY_CONTROLS_CONFIGURATION configurable for different tracers?

cbeauchesne force-pushed the alejandro.gonzalez/security-controls branch from 8b5d43c to bac103c on November 28, 2024 12:08