CAMEL-23319: Add deserialization filtering to camel-mina converter

[oscerd]

Summary

Mirrors the change applied to camel-netty in CAMEL-23297. `MinaConverter.toObjectInput(IoBuffer)` now installs an `ObjectInputFilter` on the returned `ObjectInputStream`:

• If a JVM-wide filter is configured (`ObjectInputFilter.Config.getSerialFilter()`), it is reused as-is.
• Otherwise a default Camel filter is applied: `java.;javax.;org.apache.camel.**;!*`.

The default allowlist matches the one already in use by `NettyConverter`.

Tracked as CAMEL-23319. Same hardening pattern as CAMEL-23297 (camel-netty), camel-leveldb, and camel-consul.

Test plan

• New `MinaConverterTest.testToObjectInputAcceptsAllowlistedTypes` — verifies a `java.lang.String` round-trips through `toObjectInput`.
• New `MinaConverterTest.testToObjectInputRejectsUnlistedTypes` — verifies a serializable type from a non-allowlisted package (`com.example.external.NotAllowedSerializable`) is rejected with `InvalidClassException`.
• `mvn -Dtest=MinaConverterTest test` - 7/7 pass
• `mvn clean install -DskipTests` from project root - clean build, no catalog/DSL regen needed (signature unchanged)

---

Claude Code on behalf of Andrea Cosentino

[github-actions]

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

• First-time contributors require MANUAL approval for the GitHub Actions to run
• You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
• You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
• Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.