[FLINK-33309] Add -Djava.security.manager=allow

[snuyanzin]

What is the purpose of the change

Since because of JEP411 [1] starting from java 18 default value of java.security.manager will be disallow the PR adds allow optio where it is needed

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

• Dependencies (does it add or upgrade a dependency): ( no)
• The public API, i.e., is any changed class annotated with @Public(Evolving): ( no)
• The serializers: ( no)
• The runtime per-record code paths (performance sensitive): ( no )
• Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: ( no )
• The S3 file system connector: ( no )

Documentation

• Does this pull request introduce a new feature? ( no)
• If yes, how is the feature documented? (not applicable )

[flinkbot]

CI report:

• 805bf65 Azure: SUCCESS

Bot commands

The @flinkbot bot supports the following commands:

• @flinkbot run azure re-run the last Azure build

[zentol]

also needs to be added to env.java.opts.all in flink-conf.yaml

[snuyanzin]

thanks,
in fact explicit set of -Djava.security.manager=allow for java.opts.all in flink-conf.yaml leads to the same issue in ci[1] as mentioned in pom's comments

For that reason i put it in comments in flink-conf.yaml

UPD: Another idea is to add logic to config.sh which could add this parameter for java 21+ similar to the way how it is done in Ant [2]

[1] https://dev.azure.com/apache-flink/apache-flink/_build/results?buildId=53933&view=results
[2] apache/ant@0b028a2

[snuyanzin]

@flinkbot run azure

[zentol]

How compatible is this across JDK vendors?
This is gonna be annoying maintenance-wise because java 18,19,20 and 22 will all fail out-of-the-box.

[snuyanzin]

true, added condition if version > 17

i check across vendors
for adoptium it's present from th ebeginning https://github.com/adoptium/jdk/blob/d96f38b80c1606b54b9f3dbfe9717ab9653a0605/src/java.base/share/classes/java/lang/System.java#L745
same for Oracle https://docs.oracle.com/javase/8/docs/api/java/lang/System.html
also Corretto https://github.com/corretto/corretto-8/blob/8ffa94d858593e085f7729c65786da976b3c5985/jdk/src/share/classes/java/lang/System.java#L576
JetBrains https://github.com/JetBrains/JetBrainsRuntime/blob/d85d45d4c3a2aa91ca0a96ac7c51fed108aea784/src/java.base/share/classes/java/lang/System.java#L745
GraallVM https://github.com/oracle/graal/blob/b7efba369c9be8c76942495d731a4103c52ef4de/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/jdk/SystemPropertiesSupport.java#L71

[snuyanzin]

@flinkbot run azure

[zentol]

bc isn't available in our CI image. any reason this cant use plain bash arithmetic?

[snuyanzin]

yes, I should have been checking that failure
the issue was with jdk 8 for which it returns 1.8

finally i replaced bc with usage of substring from latest dot till end