
feat: #7482 offer ossindex credentials for maven #7631


Status: Draft. Wants to merge 5 commits into base: main

Conversation

nhumblot (Collaborator) commented May 5, 2025

Description of Change

This PR is a draft. Identified things that must be checked before marking it as ready:

This PR aims to implement #7482 as expressed in the initial comment of the discussion.

Added change to the documentation as is:

Screenshot from 2025-05-05 20-33-33

Related issues

Have test cases been added to cover the new functionality?

yes/no: no as of now, but has to be implemented before marking the PR as ready.

boring-cyborg bot added labels "documentation" (site documentation) and "maven" (changes to the maven plugin) on May 5, 2025

aikebah (Collaborator) commented May 7, 2025

@nhumblot Your feature implementation should include the environment variable option similar to how it's done for the NVD API (which was unfortunately not added to the maven doc markdown (we should fix that) but is being documented in the standard maven plugin docs at https://dependency-check.github.io/DependencyCheck/dependency-check-maven/check-mojo.html#nvdApiKeyEnvironmentVariable).

Specifying the environment variable name is a safer way to pass them than directly in the command-line (typically the env variable itself would be provided by setting it as a CI secret) given that maven will always log unmasked plaintexts on the mvn -X executions.

Configuring the ossIndexPassword property as an env variable reference would not help, as it would get interpolated by the shell and by the time maven logs it (in the -X-case) it would already be a plaintext password.

Wording for the ossIndexPassword should be similar to that of the ApiKey setting, nudging the users to prefer either the settings.xml or the env variable name configuration option over specifying a password directly that is guaranteed to be exposed by mvn -X: https://dependency-check.github.io/DependencyCheck/dependency-check-maven/check-mojo.html#nvdApiKey
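The pattern the comment above asks for, shown as an added example that is not code from the PR or from the dependency-check project: the plugin is handed the *name* of an environment variable, resolves the secret itself, and keeps the secret out of any debug dump of its configuration. It also models why `-DossIndexPassword=$OSS_PW` does not help: the shell expands `$OSS_PW` before the build tool runs, so `mvn -X` would already see plaintext. The property name `ossIndexPasswordEnvironmentVariable` is an assumption modelled on the existing `nvdApiKeyEnvironmentVariable`, and all credential values are constructed.

```python
"""Resolve a credential from the name of an environment variable and keep
secrets out of debug output.  Constructed example; property names marked
'assumed' are not confirmed identifiers of the dependency-check plugin."""
import os
import string

# Properties whose values are secrets and must never appear in logs (assumed names).
SECRET_PROPS = {"ossIndexPassword", "nvdApiKey"}

# Secret property -> property that carries the *name* of its environment variable.
# nvdApiKeyEnvironmentVariable exists in the plugin docs; the ossIndex one is assumed.
ENV_NAME_PROPS = {
    "ossIndexPassword": "ossIndexPasswordEnvironmentVariable",
    "nvdApiKey": "nvdApiKeyEnvironmentVariable",
}


def resolve_secret(prop, config, env=None):
    """Return the secret for `prop`, or None if nothing is configured.

    Preference order: the variable named by the *EnvironmentVariable property,
    then the direct property.  A configured-but-missing variable raises so a
    CI misconfiguration fails loudly instead of running unauthenticated.
    """
    env = os.environ if env is None else env
    env_name_prop = ENV_NAME_PROPS[prop]
    env_name = config.get(env_name_prop)
    if env_name:
        if env_name not in env:
            raise KeyError(f"{env_name_prop} names '{env_name}' but it is not set")
        return env[env_name]
    return config.get(prop)


def loggable_config(config):
    """Copy of `config` that is safe to print at debug level.

    Secret values are masked; environment-variable *names* stay visible,
    since a name reveals nothing about the credential it points to.
    """
    return {k: ("***" if k in SECRET_PROPS and v else v) for k, v in config.items()}


def shell_expanded_argv(argv, env):
    """Model what a POSIX shell does to `$VAR` references in a command line
    before the build tool sees argv (string.Template mimics `$VAR`/`${VAR}`)."""
    return [string.Template(arg).safe_substitute(env) for arg in argv]


def demo():
    env = {"OSS_PW": "s3cret-token"}  # constructed CI secret

    # Unsafe: the shell interpolates the value; it is plaintext in argv already.
    unsafe = shell_expanded_argv(["mvn", "-X", "-DossIndexPassword=$OSS_PW"], env)
    # Safer: only the variable name travels through argv and into -X output.
    safe = shell_expanded_argv(
        ["mvn", "-X", "-DossIndexPasswordEnvironmentVariable=OSS_PW"], env)

    config = {"ossIndexUser": "ci-bot",
              "ossIndexPasswordEnvironmentVariable": "OSS_PW"}
    secret = resolve_secret("ossIndexPassword", config, env)
    return unsafe, safe, secret, loggable_config(config)


if __name__ == "__main__":
    unsafe, safe, secret, logged = demo()
    print("shell-expanded (unsafe):", unsafe)
    print("shell-expanded (safer): ", safe)
    print("resolved secret present:", secret is not None)
    print("debug view of config:   ", logged)
```

The `loggable_config` view is what a plugin should hand to its `-X`-level logger; the raw `config` plus the resolved secret stay in memory only.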

Linked issue (may be closed by merging this pull request): Offer OSS Index user/pw for Maven