Add test for disallowing blanket runtime permission (#67299)

Runtime permissions in the java security manager can be specific, or use
a wildcard for the name. This commit adds a test to ensure a blanket
policy allowing all runtime permissions is denied.

Author: rjernst

qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/PolicyUtilTests.java

@@ -317,6 +317,8 @@ public void testModulePolicyAllowedPermissions() throws Exception {
         "java.lang.RuntimePermission setDefaultUncaughtExceptionHandler",
         "java.lang.RuntimePermission preferences",
         "java.lang.RuntimePermission usePolicy",
+        // blanket runtime permission not allowed
+        "java.lang.RuntimePermission *",
         "java.net.NetPermission setDefaultAuthenticator",
         "java.net.NetPermission specifyStreamHandler",
         "java.net.NetPermission setProxySelector",