Add GroovyCollections to the sandbox whitelist

Also clarify in the docs that changing the whitelist/blacklist settings
replace the list, they don't add to it.

Fixes #7089
Fixes #7088

docs/reference/modules/scripting.asciidoc

@@ -233,6 +233,9 @@ that can be used for configuring this sandbox:
     Flag to disable the sandbox (defaults to `true` meaning the sandbox is
     enabled).
 
+When specifying whitelist or blacklist settings for the groovy sandbox, all
+options replace the current whitelist, they are not additive.
+
 [float]
 === Automatic Script Reloading
 

src/main/java/org/elasticsearch/script/groovy/GroovySandboxExpressionChecker.java

@@ -88,6 +88,7 @@ public GroovySandboxExpressionChecker(Settings settings) {
 
     // Default whitelisted receiver classes for the Groovy sandbox
     private final static String[] defaultReceiverWhitelist = new String [] {
+            groovy.util.GroovyCollections.class.getName(),
             java.lang.Math.class.getName(),
             java.lang.Integer.class.getName(), "[I", "[[I", "[[[I",
             java.lang.Float.class.getName(), "[F", "[[F", "[[[F",

src/test/java/org/elasticsearch/script/GroovySandboxScriptTests.java

@@ -47,6 +47,8 @@ public void testSandboxedGroovyScript() {
         testSuccess("def v = doc['foo'].value; def m = [:]; m.put(\\\"value\\\", v)");
         // Times
         testSuccess("def t = Instant.now().getMillis()");
+        // GroovyCollections
+        testSuccess("def n = [1,2,3]; GroovyCollections.max(n)");
 
         // Fail cases
         testFailure("pr = Runtime.getRuntime().exec(\\\"touch /tmp/gotcha\\\"); pr.waitFor()",