LUCENE-10101: Use getField() instead of getDeclaredField() to minimize security impact by analysis SPI discovery

[uschindler]

Before creating a pull request, please file an issue in the ASF Jira system for Lucene:

• https://issues.apache.org/jira/browse/LUCENE-10101

Description

This PR changes the AnalyisSPILoader's method to lookup the NAME field of the SPI to use Class#getField() instead of Class#getDeclaredField(). This does not require special security privileges if the class is in a related classloader. As getField() unfortunately also looks into superclass if the field is not found, the checks for validness of the field have to be changed to check the declaring class. In contrast, the public check is obsolete, as only public fields are returned.

Tests

Testing is hard, as our security policy of tests allows to do declared member access. So no test will be added. Testing will be done by Elasticsearch people (@romseygeek).

Checklist

Please review the following and check all that apply:

• I have reviewed the guidelines for How to Contribute and my code conforms to the standards described there to the best of my ability.
• I have created a Jira issue and added the issue ID to my pull request title.
• I have given Lucene maintainers access to contribute to my PR branch. (optional but recommended)
• I have developed this patch against the main branch.
• I have run ./gradlew check.
• I have added tests for my changes.

[romseygeek]

LGTM, thanks @uschindler! cc @rjernst