Add ObjectInputStream.readObject to forbidden apis (#10952)

Add ObjectInputStream.readObject to forbidden apis

Co-authored-by: dougqh <dougqh@gmail.com>

Removing unnecessary defaultmessage added by AI

Adding URL to relevant documentation

Merge branch 'master' into dd/prevent-objectinputstream-deserialization

Co-authored-by: datadog-datadog-prod-us1[bot] <88084959+datadog-datadog-prod-us1[bot]@users.noreply.github.com>
Co-authored-by: devflow.devflow-routing-intake <devflow.devflow-routing-intake@kubernetes.us1.ddbuild.io>

Author: 3 people

gradle/forbiddenApiFilters/main.txt

@@ -50,3 +50,6 @@ java.lang.reflect.Field#setLong(java.lang.Object,long)
 java.lang.reflect.Field#setFloat(java.lang.Object,float)
 java.lang.reflect.Field#setDouble(java.lang.Object,double)
 java.lang.invoke.MethodHandles.Lookup#unreflectSetter(java.lang.reflect.Field)
+
+# avoid Java deserialization entrypoint - see warning in https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/io/ObjectInputStream.html
+java.io.ObjectInputStream#readObject()