Enhance checks for java.security #5

@Petzys

Description

Several edge cases come to mind that are currently not checked in the java.security plugin:

  • JDK Version: Not all JDKs are guaranteed to use the jdk.tls.disabledAlgorithms property; this requires research into which JDKs support this (at least OpenJDK)
  • Multiple JDKs on the system: Currently, all java.security properties would be merged and it is purely random which java.security file overrides the others
  • Check the source code context: The java.security plugin currently assumes that any component from a Java file is using the JCA. But this could be completely false. We should check the source code context to verify it is using the JCA or a different crypto provider (e.g. Bouncy Castle).
  • Dynamic Changes of the system properties via System.setProperty()
  • Add support for more directives in the jdk.tls.disabledAlgorithms property: Currently only keySize is supported. Maybe supporting more directives, such as usage, might be useful. This could also require checking the source code context.
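
Added example, not part of the issue or the plugin's code: one way a checker could parse a jdk.tls.disabledAlgorithms value and report entries whose constraints it cannot evaluate (such as usage) as "unknown" instead of ignoring them. It assumes the entry syntax documented in the JDK's java.security file (an algorithm name followed by constraints joined with `&`); the function names, the sample value and the case-insensitive exact-name matching are assumptions made for illustration.

```python
import operator
import re

OPS = {"<=": operator.le, "<": operator.lt, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}
KEYSIZE = re.compile(r"keySize\s*(<=|>=|==|!=|<|>)\s*(\d+)$")

# Constructed sample value, including a properties-file line continuation.
SAMPLE = ("SSLv3, RC4, DH keySize < 1024, EC keySize < 224, \\\n"
          "    RSA keySize < 2048 & usage TLSServer")


def parse_disabled(value):
    """Split a disabledAlgorithms value into (name, constraints) entries."""
    entries = []
    for raw in value.replace("\\\n", "").split(","):
        parts = raw.split(None, 1)
        if not parts:
            continue
        rest = parts[1] if len(parts) > 1 else ""
        constraints = []
        for text in filter(None, (p.strip() for p in rest.split("&"))):
            m = KEYSIZE.match(text)
            if m:
                constraints.append(("keySize", m.group(1), int(m.group(2))))
            else:  # usage, jdkCA, denyAfter ...: kept, but not evaluated
                constraints.append((text.split()[0], None, text))
        entries.append((parts[0], constraints))
    return entries


def check(entries, algorithm, key_bits=None):
    """Return (verdict, notes); verdict is 'disabled', 'allowed' or 'unknown'."""
    notes = []
    for name, constraints in entries:
        if name.lower() != algorithm.lower():  # simplification: exact name only
            continue
        sizes = [(op, n) for kind, op, n in constraints if kind == "keySize"]
        other = [text for kind, _, text in constraints if kind != "keySize"]
        if sizes and key_bits is None:
            notes.append("key size needed for: " + name)
            continue
        if not all(OPS[op](key_bits, n) for op, n in sizes):
            continue  # a keySize constraint is not met, so the entry does not apply
        if not other:
            return "disabled", []
        notes.extend(other)  # outcome depends on constraints not evaluated here
    return ("unknown" if notes else "allowed"), notes
```

Running `parse_disabled` once per java.security file and keeping the results keyed by file path avoids the merge problem from the second bullet, since each JDK's verdict stays separate.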

Metadata

Labels: enhancement (New feature or request)

Status: Backlog