Add Allow List to Jackson Support

[rwinch]

Summary

There are some performance optimizations we can provide for jackson integration

[TanqiZhou]

org.springframework.security.authentication.BadCredentialsException is not whitelisted. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See #4370 for details; nested exception is java.