Java: More sanitizers for request-forgery
This PR adds the same sanitizers as https://github.com/github/codeql/pull/15596 did for C#.
I mostly used AI to translate the tests from C# to Java.
An evaluation looks fine.
One less result due to a List.contains() call that sanitizes the value.
I'll try to update the QHelp (similarly to https://github.com/github/codeql/pull/15623) once this PR has been merged.
Also we should include a change note.