I20230711-0440

@jukzi jukzi tagged this 10 Jul 12:14
External entity resolution is not supported by PDE (see
PDECoreMessages.XMLErrorReporter_ExternalEntityResolution) but still the
SAXParser did follow external links where DefaultHandler.resolveEntity
was not overwritten.
At many places PDE already overwrote DefaultHandler.resolveEntity to
prevent external resolution. With the new configuration that method is
not even called anymore.

This change offers and uses a configuration that
* reports an Exception if .xml contains DOCTYPE or
* does just ignore external references (as a fallback if the exception
would show up to cause trouble).

Also the caching of used parsers in possibly other threads is removed
because the SAXParser is not guaranteed to be thread-safe. Only the
factory is reused, because that is effectively final after creation.
Reusing SAXParser is not a big help nowadays - see
XmlParserFactoryTest.main(String[]) for performance test.
In my measurement, successive parser creations take only ~0.06 ms.
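
The two configurations the commit message describes can be sketched with the standard JAXP API as follows. This is an added example, not PDE's code: the class name `SafeSaxDemo`, its methods and the sample XML are constructed for illustration, and the feature URIs are the ones understood by the Xerces-based parser bundled with the JDK.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class SafeSaxDemo { // hypothetical name, not a PDE class
    // Factories are configured once and reused; a fresh SAXParser is created per parse.
    static final SAXParserFactory STRICT = newFactory(true);
    static final SAXParserFactory LENIENT = newFactory(false);

    static SAXParserFactory newFactory(boolean failOnDoctype) {
        try {
            SAXParserFactory f = SAXParserFactory.newInstance();
            f.setNamespaceAware(true);
            if (failOnDoctype) {
                // Any DOCTYPE declaration makes the parse fail with a SAXParseException.
                f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            } else {
                // Fallback: DOCTYPE is tolerated, but nothing external is fetched.
                f.setFeature("http://xml.org/sax/features/external-general-entities", false);
                f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
                f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            }
            return f;
        } catch (Exception e) {
            throw new IllegalStateException("XML parser does not support the required features", e);
        }
    }

    // Returns the concatenated character data of the document.
    static String parseText(SAXParserFactory factory, String xml) throws Exception {
        StringBuilder text = new StringBuilder();
        SAXParser parser = factory.newSAXParser(); // per call, never shared between threads
        parser.parse(new InputSource(new StringReader(xml)), new DefaultHandler() {
            @Override
            public void characters(char[] ch, int start, int length) {
                text.append(ch, start, length);
            }
        });
        return text.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a manifest-like document declaring an external entity.
        String xml = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE plugin [<!ENTITY ext SYSTEM \"file:///constructed/does-not-exist\">]>"
                + "<plugin>[&ext;]</plugin>";
        try {
            parseText(STRICT, xml);
        } catch (SAXException e) {
            System.out.println("strict: rejected, " + e.getMessage());
        }
        System.out.println("lenient: text = " + parseText(LENIENT, xml));
    }
}
```

With the strict factory the DOCTYPE itself is the error; with the fallback factory the `&ext;` reference is skipped rather than resolved, so no `resolveEntity` override is needed on the handler.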