[BREAKING][#130] Serializable: split *serializable-whitelist* into separate freeze/thaw lists

Removed 2x vars:
- *serializable-whitelist*
- swap-serializable-whitelist!

Added 4x vars:
- *freeze-serializable-allowlist*
- *thaw-serializable-allowlist*
- swap-freeze-serializable-allowlist!
- swap-thaw-serializable-allowlist!

Deprecated 2x JVM properties:
- taoensso.nippy.serializable-whitelist-base
- taoensso.nippy.serializable-whitelist-add

Deprecated 2x ENV vars:
- TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_BASE
- TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_ADD

API is otherwise identical.

MOTIVATION

An API break is unfortunate- but the break here is small, and the benefit significant.

By separating the freeze/thaw lists, it becomes possible to safely allow *any* classes to be frozen - and so effectively make the allowlist a purely thaw-time concern in the common case.

This has several advantages including:
- No risk of Nippy calls unexpectedly throwing where they didn't before.
- The ability to adjust or bypass the thaw allowlist *after* seeing which class objects have been quarantined.

In general: this change eases migration to RCE-safe Nippy from RCE-vulnerable versions. This is especially useful in cases where Nippy is being used as an ~implementation detail for another library/application/service.
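
The workflow the commit message describes (freeze anything, quarantine at thaw time, then extend the thaw allowlist after review), as an added example that is not part of the commit or the project's own code. It assumes a Nippy release containing this change is on the classpath; the set-of-class-names allowlist form, the `"*"` wildcard and the `:nippy/unthawable` shape of a quarantined value are taken from Nippy's documentation rather than from this page.

```clojure
;; Added example, not code from the commit.
;; Assumption: a Nippy release that includes the split allowlists is available.
(require '[taoensso.nippy :as nippy])
(import 'java.util.concurrent.Semaphore)

;; Semaphore implements java.io.Serializable and has no native Nippy
;; encoding, so it goes through the Serializable path the allowlists guard.
(def frozen
  ;; Freeze side: allow any class, so freeze calls do not start throwing.
  (binding [nippy/*freeze-serializable-allowlist* #{"*"}]
    (nippy/freeze (Semaphore. 1))))

;; Thaw side: the class is not on the allowlist, so the payload is
;; quarantined (returned as data) instead of being deserialized.
(def quarantined
  (binding [nippy/*thaw-serializable-allowlist* #{"java.lang.Throwable"}]
    (nippy/thaw frozen)))

;; Assumption: quarantined values are maps under :nippy/unthawable that
;; carry the blocked class name, per Nippy's docs.
(def quarantined-class
  (get-in quarantined [:nippy/unthawable :class-name]))

;; After reviewing the class name, add exactly that class to the thaw
;; allowlist and thaw the same bytes again.
(def restored
  (binding [nippy/*thaw-serializable-allowlist* #{"java.util.concurrent.Semaphore"}]
    (nippy/thaw frozen)))

(println "quarantined class:" quarantined-class)
(println "restored type:" (class restored))
```

Listing exact class names in the thaw allowlist, rather than `"*"`, keeps the deserialization surface limited to classes that have been reviewed.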