SonarSource / sonar-dotnet

Code analyzer for C# and VB.NET projects
https://redirect.sonarsource.com/plugins/csharp.html

Only produce UCFGs when a compatible SonarSecurity version is installed #1538

Closed dbolkensteyn closed 6 years ago

dbolkensteyn commented 6 years ago

Currently, UCFGs are produced if and only if any of the SonarSecurity rules are enabled.

SonarCSharp 7.4 produces new UCFGs that cannot be read by SonarSecurity 7.2. If a customer of SonarQube 7.2 updates to SonarCSharp 7.4, some catastrophic failure will happen during the UCFG's deserialization.

In order to prevent this, SonarJava should only produce its UCFGs if it knows that SonarSecurity will not fail to consume them.

If the versions are incompatible, a warning message should be logged, and no UCFGs should be produced.

Relates to https://jira.sonarsource.com/browse/SONARJAVA-2823

dbolkensteyn commented 6 years ago

In the end, we decided to deal with this through the update center: SonarCSharp 7.4 will be compatible only with SQ 6.7 LTS and 7.3+, but not the versions in between (and so excluding 7.2).

This means that existing SonarQube 7.2 users will not see the update to SonarCSharp 7.4 as available.

However, note that they will still be able to manually install the updated C# plugin, in which case they'll end up with a technical error message about UCFG deserialization.