Make sure Maven settings.xml are read correctly

[cuixq]

Maven authentication information is stored in local settings.xml.

Considering the extractor uses virtual filesystem, we need to refactor MavenRegistryAPIClient to use the virtual filesystem to read the local settings.

settings.xml is read when we construct NewMavenRegistryAPIClient and the client is constructed when the extractor is constructed which is before Extract() is called.

[oliverchang]

I discussed this with @michaelkedar earlier -- this is probably lower priority for now because auth only makes sense in the local developer use case where they have creds on their machine, and having a virtual filesystem isn't as necessary there.

[erikvarga]

What happens when we're scanning a remote container with SCALIBR? Would we expect the settings.xml be on the host that's running the scanner or on the container?
If it's on the remote container then this plugin wouldn't work for container scanning until we find a way to fix this