Dependency scan for xmlsectool 3.0.0

I'm glad I asked now.  I'm not going to ask about itack-commons-runtime which is terrifyingly omnipresent.

I've updated (in the parent POM) everything in the product bundle that's an artifact that we manage, and removed a couple of dependencies we don't need.

I've also cloned one of Tom's dependency check jobs into a new xmlsectool-v3-depcheck job and it gives the product a completely clean bill of health. I was a bit surprised that nothing showed up, but it does seem to have identified everything correctly so we seem good to go.

Removed Santuario's listed woodstox/stax dependencies, commit f904593d29401daaa0dea717bf0821f9dd9ee89f.

OK, on the basis that we don't need this and less XML processing junk is better, I'm going to exclude these. If we run into issues, we can always put them back.

This is only for xmlsectool, though, we can use it as something of a canary and come back to it if desired for the next IdP release.

Sorry, I thought it was the other way around (stax, then woodstox). I guess that's it.