Add KeyManagerFactory consideration to reflect upcoming default change to PKIX

[e30532]

In Oracle security guide regarding KeyManagerFactory, there has been a note mentioning that the SunX509 factory is for backwards compatibility with older releases, and should no longer be used.

Security Developer’s Guide - 4 JDK Providers Documentation - The SunJSSE Provider
https://docs.oracle.com/en/java/javase/25/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2

And it appears that the default value is going to be changed.

Change the default key manager to PKIX
https://bugs.openjdk.org/browse/JDK-8272875

8272875: Change the default key manager to PKIX #24756
openjdk/jdk#24756

Update "Security Developer's Guide" documentation.
https://bugs.openjdk.org/browse/JDK-8355771

It would be beneficial if the Liberty documentation like https://openliberty.io/docs/latest/security-hardening.html explains the KeyManagerFactory consideration too, allowing users to aware of it from both the Java and Liberty perspectives and choose the appropriate option accordingly.

[una-tapa]

This documentation request has already been reviewed by the Core Security team. Multiple customers have raised the same questions, and this update will help address them. Please consider prioritizing it. Thank you.

[jantley-ibm]

@e30532 @una-tapa updates are on draft:

https://docs-draft-openlibertyio.mqj6zf7jocq.us-south.codeengine.appdomain.cloud/docs/latest/security-hardening.html
(see 4th bullet under network hardening)

That link goes section where PKIX and SunX509 are discussed; in the box, 2nd paragraph, is a new (3rd) sentence:
https://docs-draft-openlibertyio.mqj6zf7jocq.us-south.codeengine.appdomain.cloud/docs/latest/network-hardening.html#tls

Let me know if this looks OK. Thanks --