Introduce findsecbugs as an additional spotbugs analyzer.

Gehel requested to merge findsecbugs into main

Adding a new spotbugs analyzer (https://find-sec-bugs.github.io/) that helps with finding security-related issues.

I've tested it on a few projects and it has a few false positives around not trusting user inputs in cases where we really can (for example from configuration files, which we can trust). I think there is still value here. The false positives are few and easy to understand, and preventing stupid security issues seems like a good idea.