Fix code scanning alert no. 6: Resolving XML external entity in user-controlled data

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: hazendaz

src/main/java/org/apache/ibatis/parsing/XPathParser.java

@@ -231,6 +231,9 @@ private Document createDocument(InputSource inputSource) {
     try {
       DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
       factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+      factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+      factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+      factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
       factory.setValidating(validation);
 
       factory.setNamespaceAware(false);