Remove easyrules

[mosabua]

Currently Trino Gateway uses easyrules https://github.com/j-easy/easy-rules to allow custom routing rule definition.

While this is very flexible and powerful the project has gone stale and unmaintained.

In addition there is a severe security issue https://nvd.nist.gov/vuln/detail/CVE-2023-50571
even though that relies on a insecure class being loaded and used as part of rule validation. Since dynamic loading of such classes is not part of Trino Gateway this most likely does not apply.

We should remove easy-rules usage and find alternatives. We also discussed declaring rules in a scripting language (or even plain java). In any case .. we will have to figure out security aspects around all that.

Options might be:

• https://commons.apache.org/proper/commons-jexl/
• https://github.com/mvel/mvel (we use it already indirectly, same security issue applies)

[willmostly]

Agreed that calling this CVE a High is a stretch....
Looks like mvel has addImport methods for controlling which classes are available, so it may not be affected by the linked CVE.

With either mvel or jexl we'll need to reimplements the rule wrappers & prioritization provided by easy-rules, so we should evaluate both options. I think it will be similar effort either way

[mosabua]

We should also check with airlift and trino projects if there are any recommendations