Add SPF4Peppol support for sender authorization policies

[stevenn]

Summary

• Implement SPF4Peppol (Sender Policy Framework for Peppol) to allow participants to declare which Access Points are authorized to send documents on their behalf
• Add domain model with policy terms (qualifier + mechanism + value)
• Add XML backend storage manager
• Add REST API endpoint: GET /security/{participantId}/spf

Details

New classes in com.helger.phoss.smp.domain.spf:

• ESPF4PeppolQualifier - Enum: pass, fail, softfail, neutral
• ESPF4PeppolMechanism - Enum: seatid, certfp, smp, reference, all
• SPF4PeppolTerm - Single policy term
• ISMPSPF4PeppolPolicy / SMPSPF4PeppolPolicy - Policy interface and implementation
• ISMPSPF4PeppolPolicyManager - Manager interface
• SMPSPF4PeppolPolicyMicroTypeConverter - XML serialization

XML Backend:

• SMPSPF4PeppolPolicyManagerXML - File-based storage

REST API:

• APIExecutorSPF4PeppolGet - Returns XML per SPF4Peppol 1.0 spec

Example Response

<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:peppol:spf4peppol:1.0" version="1.0">
  <Terms>
    <Term qualifier="pass" mechanism="seatid">PEPPOL-SEAT-001</Term>
    <Term qualifier="softfail" mechanism="all" />
  </Terms>
  <Modifiers>
    <TTL>3600</TTL>
    <Explanation>Test SPF4Peppol policy</Explanation>
  </Modifiers>
</Policy>

Test plan

• Build passes (mvn clean install -DskipTests)
• Unit tests pass for backend and backend-xml modules
• Manual test: endpoint returns 404 when no policy exists
• Manual test: endpoint returns correct XML when policy exists

[phax]

Thx Steven - good starting point. However, we need to do a little refinement on the original repo first. So please have a little patience on this PR :)

[stevenn]

Hey @phax I amended the PR with the suggested endpoint structure. At your leisure!