fix: remove vulnerable transitive dependency - beanutils

[jeremylong]

resolves #7704

[jeremylong]

@aikebah see any issues with this one?

[aikebah]

@jeremylong Looks fine to me, but given that only RetireJS uses commons-validator, and uses it only for a URL validity check we might even fully remove commons-validator dependency as a whole and replace it by our own helper method.

For the purposes of reference URL checking I think it would suffice to do a non-null check followed by construction of a URI for non-null strings and a call to Uri#toUrl()and treat URISyntaxException and MalformedURLException as indicators that the string is not a valid URL (return false from the helper method) . It would not introduce new try-catch guards, as commons-validator is also constructing a URI catching URISyntaxException as one of the early parts of its (more extensive) checks on URL validity.

It would save future version-bumps on commons-validator releases and reduces the transitive dependency set at runtime (commons-beanutils itself would still be present as a test-dependency of mockserver (via velocity-tools-generic) in the dependency-check-utils module)