
FINERACT-2624: runreports prepared statement, input validation #5968

Closed
terencemo wants to merge 1 commit into apache:develop from terencemo:fineract-2624-runreports-fix


Conversation

@terencemo terencemo (Contributor) commented Jun 10, 2026

Description

This PR enhances stretchy reporting in Fineract by:

  1. Sanitising input parameters based on type definitions
  2. Using a prepared statement to execute stretchy reports

Integration tests have been added which invoke runreports with both valid and invalid inputs. Numeric parameter (officeId) positive and negative tests (numeric and non-numeric input) are included; some of the invalid inputs include SLEEP and pg_sleep commands. UNION ALL inputs attempting SQL injection are also passed.

Besides this, unregistered parameter passing is covered where a parameter not in stretchy_report_parameter for the given report is passed. Additional integration tests can be added to cover date and string parameter types.

This PR adds input validation in fineract-core with configurable patterns in application.properties.

Checklist

Please make sure these boxes are checked before submitting your pull request - thanks!

  • Write the commit message as per our guidelines
  • Acknowledge that we will not review PRs that are not passing the build ("green") - it is your responsibility to get a proposed PR to pass the build, not primarily the project's maintainers.
  • Create/update unit or integration tests for verifying the changes made.
  • Follow our coding conventions.
  • Add required Swagger annotation and update API documentation at fineract-provider/src/main/resources/static/legacy-docs/apiLive.htm with details of any API changes
  • This PR must not be a "code dump". Large changes can be made in a branch, with assistance. Ask for help on the developer mailing list.

Your assigned reviewer(s) will follow our guidelines for code reviews.
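The two measures the description names, type-based validation of stretchy report parameters followed by execution through a prepared statement, shown as an added Python/SQLite illustration that is not code from this PR or from Fineract. The report SQL, the parameter registry and the per-type patterns are constructed stand-ins for a stretchy_report row, its stretchy_report_parameter rows and the configurable application.properties patterns.

```python
import re
import sqlite3

# Constructed stand-ins for a stretchy_report row and its stretchy_report_parameter rows.
REPORT_SQL = "select id, name from m_office where id = ${officeId} and name like ${namePrefix}"
REGISTERED_PARAMS = {"officeId": "number", "namePrefix": "string"}

# Per-type validation patterns (assumed values standing in for the PR's configurable ones).
TYPE_PATTERNS = {"number": re.compile(r"-?\d{1,18}"), "string": re.compile(r"[\w .%-]{0,100}")}
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")

def find_violation(report_sql, registered, supplied):
    """Return a rejection reason, or None when every supplied value is acceptable."""
    for name, value in supplied.items():
        if name not in registered:
            return f"unregistered parameter: {name}"
        if not TYPE_PATTERNS[registered[name]].fullmatch(str(value)):
            return f"{name} is not a valid {registered[name]}"
    missing = sorted(set(PLACEHOLDER.findall(report_sql)) - set(supplied))
    return f"missing parameter(s): {missing}" if missing else None

def bind_placeholders(report_sql, registered, supplied):
    """Rewrite each ${name} to a ? marker and collect the typed positional bind values."""
    binds = []

    def to_marker(match):
        name = match.group(1)
        binds.append(int(supplied[name]) if registered[name] == "number" else str(supplied[name]))
        return "?"

    return PLACEHOLDER.sub(to_marker, report_sql), binds

def run_report(conn, report_sql, registered, supplied):
    """Validate first, then execute the report with every value bound, never concatenated."""
    problem = find_violation(report_sql, registered, supplied)
    if problem:
        raise ValueError(problem)
    sql, binds = bind_placeholders(report_sql, registered, supplied)
    return conn.execute(sql, binds).fetchall()

def demo_db():
    """In-memory SQLite table standing in for m_office, with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table m_office (id integer primary key, name text)")
    conn.executemany("insert into m_office values (?, ?)", [(1, "Head Office"), (2, "Branch A")])
    return conn
```

A string value that happens to contain SQL keywords passes the pattern but is still bound as a literal, so the pattern check and the prepared statement are two independent layers rather than one.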

synchronized (this) {
if (databaseProductName == null) {
try (var connection = jdbcTemplate.getDataSource().getConnection()) {
databaseProductName = connection.getMetaData().getDatabaseProductName().toLowerCase();
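Review bot: the pool checkout in jdbcTemplate.getDataSource().getConnection() runs while synchronized (this) is held, so every caller reaching this block waits on the lock for as long as the pool takes to hand out a connection, and a slow or exhausted pool turns into a stall for the whole component. Since the value is computed once and never changes, resolve it outside the lock, at construction time or from the configured JDBC URL, so the critical section only covers the field assignment. Minor: toLowerCase() without a Locale depends on the JVM default locale; toLowerCase(Locale.ROOT) is the safe form for a value used as a comparison key.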

@adamsaghy adamsaghy (Contributor) commented Jun 10, 2026

Please use the hikari JDBC url from application.properties instead.

It's a waste of resources to open a connection just for this...

Example: org.apache.fineract.infrastructure.core.domain.FineractPlatformTenantConnection#resolveProtocol

@terencemo terencemo (Contributor, Author) commented

Closing in favour of #5972, which implements the suggested change.

@terencemo terencemo closed this Jun 10, 2026