Drop dependency on outdated xerces

`xerces` does not support the `http://javax.xml.XMLConstants/property/accessExternalDTD` property that `cyclonedx-core-java` is using:

```
java.lang.IllegalArgumentException: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
	at org.apache.xerces.jaxp.DocumentBuilderFactoryImpl.setAttribute(Unknown Source)
	at org.cyclonedx.parsers.XmlParser.createSecureDocument(XmlParser.java:339)
	at org.cyclonedx.parsers.XmlParser.extractAllNamespaceDeclarations(XmlParser.java:310)
	at org.cyclonedx.parsers.XmlParser.identifySchemaVersion(XmlParser.java:296)
	at org.cyclonedx.parsers.XmlParser.parse(XmlParser.java:97)
```

The remaining code relying on `xerces` turned out to be unused, and was consequently removed as well.

Signed-off-by: nscuro <nscuro@protonmail.com>

pom.xml

@@ -338,19 +338,6 @@
             <version>${lib.cloud-sql-connector-jdbc-sqlserver.version}</version>
         </dependency>
 
-        <!-- Xerces -->
-        <dependency>
-            <groupId>xerces</groupId>
-            <artifactId>xercesImpl</artifactId>
-            <version>2.12.2</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>xml-apis</groupId>
-                    <artifactId>xml-apis</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>

src/main/java/org/dependencytrack/util/XmlUtil.java

@@ -18,91 +18,22 @@
  */
 package org.dependencytrack.util;
 
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXNotRecognizedException;
-import org.xml.sax.SAXNotSupportedException;
-
 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
-import java.io.InputStream;
-
-import static org.apache.xerces.jaxp.JAXPConstants.JAXP_SCHEMA_LANGUAGE;
-
-import static org.apache.xerces.jaxp.JAXPConstants.JAXP_SCHEMA_SOURCE;
-import static org.apache.xerces.jaxp.JAXPConstants.W3C_XML_SCHEMA;
-
 
 public final class XmlUtil {
 
-    private XmlUtil() { }
-
-    /**
-     * Constructs a validating secure SAX Parser.
-     *
-     * @param schemaStream One or more inputStreams with the schema(s) that the
-     * parser should be able to validate the XML against, one InputStream per
-     * schema
-     * @return a SAX Parser
-     * @throws javax.xml.parsers.ParserConfigurationException is thrown if there
-     * is a parser configuration exception
-     * @throws org.xml.sax.SAXNotRecognizedException thrown if there is an
-     * unrecognized feature
-     * @throws org.xml.sax.SAXNotSupportedException thrown if there is a
-     * non-supported feature
-     * @throws org.xml.sax.SAXException is thrown if there is a
-     * org.xml.sax.SAXException
-     */
-    public static SAXParser buildSecureSaxParser(InputStream... schemaStream) throws ParserConfigurationException,
-            SAXNotRecognizedException, SAXNotSupportedException, SAXException {
-        final SAXParserFactory factory = SAXParserFactory.newInstance();
-        factory.setNamespaceAware(true);
-        factory.setValidating(true);
-        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
-        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
-        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-dtd-grammar", false);
-        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
-        System.setProperty("javax.xml.accessExternalSchema", "file, https");
-
-        final SAXParser saxParser = factory.newSAXParser();
-        saxParser.setProperty(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
-        saxParser.setProperty(JAXP_SCHEMA_SOURCE, schemaStream);
-        return saxParser;
-    }
-
-    /**
-     * Constructs a secure SAX Parser.
-     *
-     * @return a SAX Parser
-     * @throws javax.xml.parsers.ParserConfigurationException thrown if there is
-     * a parser configuration exception
-     * @throws org.xml.sax.SAXNotRecognizedException thrown if there is an
-     * unrecognized feature
-     * @throws org.xml.sax.SAXNotSupportedException thrown if there is a
-     * non-supported feature
-     * @throws org.xml.sax.SAXException is thrown if there is a
-     * org.xml.sax.SAXException
-     */
-    public static SAXParser buildSecureSaxParser() throws ParserConfigurationException,
-            SAXNotRecognizedException, SAXNotSupportedException, SAXException {
-        final SAXParserFactory factory = SAXParserFactory.newInstance();
-        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
-        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-        return factory.newSAXParser();
+    private XmlUtil() {
     }
 
     /**
      * Constructs a new document builder with security features enabled.
      *
      * @return a new document builder
      * @throws javax.xml.parsers.ParserConfigurationException thrown if there is
-     * a parser configuration exception
+     *                                                        a parser configuration exception
      */
     public static DocumentBuilder buildSecureDocumentBuilder() throws ParserConfigurationException {
         final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();