Sam Gammon

The StepSecurity PR (before cleanup): https://github.com/sgammon/guava/pull/1 Here is a sample run: https://github.com/sgammon/guava/actions/runs/8207681690

This needs a little bit of cleanup -- mostly an autorebase -- but otherwise it is ready for review @cpovirk

Okay, excellent, thank you for approving CI workflows by the way. That helps a bunch because I can test running these on an unauthorized fork. Consequently, the two failures there...

Rebasing this shortly since #7087 was merged

### Provenance/Security stuff - Hardening is now strict and denies `sudo` and network traffic outside of allowlists for each job - SLSA provenance is generated on `push` to `master`, or...

Gotcha. It sounds like it doesn't make sense to include SBOMs within the JAR itself, so I'll unwind that part and hold it alongside the JAR as an output artifact.

New complication to this: `failureaccess` will need to see a modular release. I've added a definition and set the current version to `1.0.3-jpms`. It will be added shortly to the...

@Sineaggi probably at least a rebase and a cleanup round. I'm waiting for feedback but if I don't receive any in the next few days/week, I'll go ahead and rebase...

Guava with JPMS is released and under testing via the [javamodules.dev](https://javamodules.dev) repository. I am using it in several projects with no problems.

With Netty and other libraries expressing interest as well, I plan to come back to this shortly.