Add missing domains to Java ecosystem profile

## Summary

While testing agentic workflows on popular Java OSS repositories (gson, commons-lang, caffeine), several domains required for Java development were blocked by the firewall. These domains should be added to the `java` ecosystem profile in `pkg/workflow/data/ecosystem_domains.json`.

## Blocked Domains Discovered

| Domain | Purpose | Blocked In |
|--------|---------|------------|
| `dlcdn.apache.org` | Apache download CDN for Maven/tools | gson, commons-lang |
| `archive.apache.org` | Apache archive for older releases | gson |
| `download.java.net` | Java downloads | caffeine |
| `api.foojay.io` | Foojay Disco API for Java toolchain discovery (used by Gradle toolchains plugin) | caffeine |

## Context

When running agentic workflows with the `java` ecosystem profile enabled, agents that need to download Java tooling (JDK, Maven, Gradle) often fail because:

1. **Apache CDN domains** - Maven and other Apache tools are distributed via `dlcdn.apache.org` and `archive.apache.org`, which are not in the current Java profile
2. **Java.net downloads** - Some Java distributions and tools are hosted on `download.java.net`
3. **Foojay API** - The Foojay Disco API (`api.foojay.io`) is used by Gradle's toolchain auto-provisioning feature to discover and download JDKs

## Current Java Profile

```json
"java": [
  "www.java.com",
  "jdk.java.net",
  "api.adoptium.net",
  "adoptium.net",
  "repo.maven.apache.org",
  "maven.apache.org",
  "repo1.maven.org",
  "maven.pkg.github.com",
  "maven.oracle.com",
  "repo.spring.io",
  "gradle.org",
  "services.gradle.org",
  "plugins.gradle.org",
  "plugins-artifacts.gradle.org",
  "repo.grails.org",
  "download.eclipse.org",
  "download.oracle.com",
  "jcenter.bintray.com"
]
```

## Proposed Additions

```json
"java": [
  // ... existing domains ...
  "dlcdn.apache.org",
  "archive.apache.org", 
  "download.java.net",
  "api.foojay.io",
  "cdn.azul.com"  // Azul Zulu JDK downloads (commonly used alternative JDK)
]
```

## Test Repositories

- https://github.com/Mossaka/gson - ✅ Passed (agent downloaded JDK from github.com which is allowed)
- https://github.com/Mossaka/commons-lang - ❌ Failed due to blocked domains
- https://github.com/Mossaka/caffeine - ❌ Failed due to blocked domains

## Reproduction

1. Create an agentic workflow with `java` in the allowed network list:
   ```yaml
   network:
     firewall: true
     allowed:
       - defaults
       - github
       - java
   ```
2. Run a workflow that needs to download Maven or configure Gradle toolchains
3. Observe blocked domain errors in firewall logs

## Evidence

Firewall access logs showing blocked requests:
```
TCP_DENIED dlcdn.apache.org:443
TCP_DENIED archive.apache.org:443
TCP_DENIED download.java.net:443
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add missing domains to Java ecosystem profile #12394

Summary

Blocked Domains Discovered

Context

Current Java Profile

Proposed Additions

Test Repositories

Reproduction

Evidence

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Domain	Purpose	Blocked In
`dlcdn.apache.org`	Apache download CDN for Maven/tools	gson, commons-lang
`archive.apache.org`	Apache archive for older releases	gson
`download.java.net`	Java downloads	caffeine
`api.foojay.io`	Foojay Disco API for Java toolchain discovery (used by Gradle toolchains plugin)	caffeine

Uh oh!

Add missing domains to Java ecosystem profile #12394

Description

Summary

Blocked Domains Discovered

Context

Current Java Profile

Proposed Additions

Test Repositories

Reproduction

Evidence

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions