Add Javadoc note explaining that StringUtils.cleanPath should not be depended on in security context.