Provide OWASP dependency check as profile

[uhafner]

So modules can check their dependencies by calling mvn verify -Powasp.

The configuration requires that the environment variable NVD_API_KEY contains the API key for the NVD database download.

In CI workflows you need to specify the following snippet to scan for vulnerabilities:

    steps:
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: 21
          check-latest: true
          cache: 'maven'
      - name: Set up Maven
        uses: stCarolas/setup-maven@v5
        with:
          maven-version: 3.9.9
      - name: Cache the NVD database
        uses: actions/cache@v3
        with:
          path: ~/.m2/repository/org/owasp/dependency-check-data
          key: dependency-check
      - name: Build with Maven
        env:
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        run: mvn -V --color always -ntp clean verify -Pci -Powasp | tee maven.log