Add permissions for GRADLE_RO_DEP_CACHE to security policy

Dependencies in the cache should have the same permissions as
dependencies in Gradle user home.

KTI-2546

(cherry picked from commit ccf655d)

Author: kbrgnj

repo/gradle-build-conventions/compiler-tests-convention/src/main/kotlin/test-inputs-check.gradle.kts

@@ -108,6 +108,14 @@ tasks.withType<Test>().names.forEach { taskName ->
                     } else emptyList()
                 }
 
+                val allPermissionsForGradleRoDepCache = System.getenv("GRADLE_RO_DEP_CACHE")?.let {
+                    listOf(
+                        """grant codeBase "file:${File(it).absolutePath}/-" {""",
+                        """    permission java.security.AllPermission;""",
+                        """};""",
+                    ).joinToString("\n")
+                }
+
                 fun calcCanonicalTempPath(): String {
                     val file = File(System.getProperty("java.io.tmpdir"))
                     try {
@@ -176,6 +184,7 @@ tasks.withType<Test>().names.forEach { taskName ->
                                 }).joinToString("\n    ")
                             )
                             .replace("{{gradle_user_home}}", """$gradleUserHomeDir""")
+                            .replace("{{all_permissions_for_gradle_ro_dep_cache}}", allPermissionsForGradleRoDepCache ?: "")
                             .replace(
                                 "{{build_dir}}",
                                 """permission java.io.FilePermission "${buildDir.get().asFile.absolutePath}/-", "read,write,execute,delete";"""

tests-permissions.template.policy

@@ -1,6 +1,7 @@
 grant codeBase "file:{{gradle_user_home}}/-" {
     permission java.security.AllPermission;
 };
+{{all_permissions_for_gradle_ro_dep_cache}}
 grant {
     // Basic permissions needed for tests to run
     permission java.lang.RuntimePermission "*";