Use safe XML parser for rich text in PdfUA2AnnotationChecker

[netliomax25-code]

1. getRichTextStringValue parses the RC (rich text) entry of an annotation, which comes straight from the PDF being validated for PDF/UA-2 conformance.
2. it used XmlUtil.initXmlDocument, a bare DocumentBuilderFactory.newInstance() with DOCTYPE and external entities left enabled, so a crafted RC stream can pull in an external entity (local file read / SSRF).
3. switched the parse to XmlProcessorCreator.createSafeDocumentBuilder, the same hardened factory used elsewhere in the library, which rejects DOCTYPE and external entities.

Validation: added a unit test feeding an RC value with a DOCTYPE/external entity; it fails on the old parser and passes once the safe builder rejects the declaration.

[iText-CI]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[vitali-pr]

hi @netliomax25-code ,
Thank you for your contribution!

Would you mind signing the Contributor License Agreement?
The details are available at https://itextpdf.com/en/how-buy/legal/itext-contributor-license-agreement
We need it in order to be able to merge your PR.

[netliomax25-code]

Sure, no problem. I'll get the CLA signed on my end so this can move forward.

[netliomax25-code]

hi @netliomax25-code , Thank you for your contribution!

Would you mind signing the Contributor License Agreement? The details are available at https://itextpdf.com/en/how-buy/legal/itext-contributor-license-agreement We need it in order to be able to merge your PR.

Done