Add boilerplate Java21 security properties support to sdk containers (#26798)

sdks/java/container/java21/java21-security.properties

+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Java 21 java.security properties file override for JVM
+# base properties derived from:
+# openjdk version "21-ea" 2023-09-19
+# OpenJDK Runtime Environment (build 21-ea+23-1988)
+# OpenJDK 64-Bit Server VM (build 21-ea+23-1988, mixed mode, sharing)
+
+# Java has now disabled TLSv1 and TLSv1.1. We specifically put it in the
+# legacy algorithms list to allow it to be used if something better is not
+# available (e.g. TLSv1.2). This will prevent breakages for existing users
+# (for example JDBC with MySQL). See
+# https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
+# for additional details.
+jdk.tls.disabledAlgorithms=SSLv3, DTLSv1.0, RC4, DES, \
+    MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    ECDH
+
+# The raw value from 21-ea for legacyAlgorithms is
+#  NULL, anon, RC4, DES, 3DES_EDE_CBC
+# Because these values are in disabledAlgorithms, it is erroneous to include
+# them in legacy (they are disabled in Java 8, 11, and 17 as well). Here we 
+# only include TLSv1 and TLSv1.1 which were removed from disabledAlgorithms
+jdk.tls.legacyAlgorithms=TLSv1, TLSv1.1
+
+# /dev/random blocks in virtualized environments due to lack of
+# good entropy sources, which makes SecureRandom use impractical.
+# In particular, that affects the performance of HTTPS that relies
+# on SecureRandom.
+#
+# Due to that, /dev/urandom is used as the default.
+#
+# See http://www.2uo.de/myths-about-urandom/ for some background
+# on security of /dev/urandom on Linux.
+securerandom.source=file:/dev/./urandom
\ No newline at end of file

sdks/java/container/java21/option-java21-security.json

+{
+  "name": "java-security",
+  "enabled": true,
+  "options": {
+    "properties": {
+      "java.security.properties": "/opt/apache/beam/options/java21-security.properties"
+    }
+  }
+}