
Tighten which classes can exit

Today we allow exiting solely by being in certain packages. This commit
upgrades the securesm dependency to a new version that supports being
explicit about which classes can exit. We utilize that here to only
allow exiting from the uncaught exception handler and the base CLI
command class.

Relates #27482
Jason Tedor 8 tahun lalu
induk
melakukan
f5a79af578

+ 1 - 1
core/build.gradle

@@ -55,7 +55,7 @@ dependencies {
   compile "org.apache.lucene:lucene-spatial3d:${versions.lucene}"
   compile "org.apache.lucene:lucene-suggest:${versions.lucene}"
 
-  compile 'org.elasticsearch:securesm:1.1'
+  compile 'org.elasticsearch:securesm:1.2'
 
   // utilities
   compile "org.elasticsearch:elasticsearch-cli:${version}"

+ 0 - 1
core/licenses/securesm-1.1.jar.sha1

@@ -1 +0,0 @@
-1e423447d020041534be94c0f31a49fbdc1f2950

+ 1 - 0
core/licenses/securesm-1.2.jar.sha1

@@ -0,0 +1 @@
+4c28f5b634497d64b727961430a516f351a099d5

+ 3 - 3
core/src/main/java/org/elasticsearch/bootstrap/Security.java

@@ -19,9 +19,8 @@
 
 package org.elasticsearch.bootstrap;
 
-import org.elasticsearch.Build;
 import org.elasticsearch.SecureSM;
-import org.elasticsearch.Version;
+import org.elasticsearch.cli.Command;
 import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.network.NetworkModule;
@@ -120,7 +119,8 @@ final class Security {
         Policy.setPolicy(new ESPolicy(createPermissions(environment), getPluginPermissions(environment), filterBadDefaults));
 
         // enable security manager
-        System.setSecurityManager(new SecureSM(new String[] { "org.elasticsearch.bootstrap.", "org.elasticsearch.cli" }));
+        final String[] classesThatCanExit = new String[] { ElasticsearchUncaughtExceptionHandler.class.getName(), Command.class.getName()};
+        System.setSecurityManager(new SecureSM(classesThatCanExit));
 
         // do some basic tests
         selfTest();
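Review bot: The two-entry `classesThatCanExit` array is now the entire exit policy for the JVM, yet the only comment at this site is `// enable security manager`, so a reader cannot tell why these classes were chosen. I would add above the array `// only the uncaught exception handler and the base CLI command may exit the JVM; every other caller of System.exit is denied`. It is also worth confirming how securesm 1.2 compares these strings: if it treats them as patterns rather than literal names, the unescaped dots from `getName()` match any character, and in either case a nested or anonymous class of `Command` has a different name and would presumably be refused. The closing `Command.class.getName()};` lacks the space before the brace that the opening `{ ` has. The enclosing method starts and ends outside this hunk.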