Separate out canonicalization from the Encoder component

[kwwall]

The ESAPI Validator component uses the various Encoder.canonicalize methods, which creates a tight coupling between the Validator and Encoder. We want to avoid that for ESAPI 3, therefore I am proposing to create a lightweight Canonicalizer component and move the Encoder.canonicalize methods to it. That should minimize dependencies for the Validator. ESAPI 3, since it is a major change and thus is permitted to break interfaces, would be a good time to do that.

[xeno6696]

I totally agree. As I was thinking about how to help Jeff's question, at one point I considered adjusting the sensitivity of the multiple encoding (I believe there's a parameter for that in esapi.properties) and then quickly realized that its a global setting.

No joy there.

@jeremiahjstacey In thinking about how to attack a canonicalizer in the future, I'm thinking that a builder pattern probably looks best? I know that's the path that the HTML Sanitizer uses.