google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.01k stars 337 forks

Dependency imports should always be fetched from upstream #1027

Closed cuixq closed 3 weeks ago

cuixq commented 3 weeks ago

There are two places that we call mergeParents():

In mergeParents(), we first check if relativePath is defined to know if we can parse the parent locally. However, this only applies to the first case but not to importing dependency management. Also, once we start fetching the parent pom.xml from upstream, we should no longer parse locally.

This PR adds allowLocal to mergeParents() to specify if we allow parsing local parent pom.xml, and once a parent is fetched from upstream, allowLocal is set to false.
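As an added illustration of the allowLocal rule this PR describes (example code written for this page, not osv-scanner's own implementation; the Parent, POM and Resolver types and the sample POM tree are constructed): local parsing is only attempted while allowLocal is true and a relativePath is set, and the first upstream fetch turns it off for the rest of the chain.

```go
package main

import "fmt"

type (
	Parent   struct{ Coord, RelativePath string } // constructed types, not osv-scanner's: groupId:artifactId:version; <relativePath> or ""
	POM      struct {
		Coord, Source string // Source is "local" or "upstream"
		Parent        *Parent
	}
	Resolver struct{ Local, Upstream map[string]POM } // Local keyed by relativePath, Upstream by coordinate
)
// MergeParents walks the parent chain, returning each parent as coord@source.
// allowLocal is true for a project's own pom.xml, false for an imported
// dependencyManagement POM, and flips to false after the first upstream fetch.
func (r Resolver) MergeParents(start POM, allowLocal bool, maxDepth int) []string {
	var chain []string
	for cur, depth := start, 0; cur.Parent != nil && depth < maxDepth; depth++ {
		p, next, ok := cur.Parent, POM{}, false
		if allowLocal && p.RelativePath != "" {
			next, ok = r.Local[p.RelativePath]
		}
		if !ok { // no local hit, or local parsing disabled: fetch upstream
			if next, ok = r.Upstream[p.Coord]; !ok {
				break
			}
			allowLocal = false // a remote POM's relativePath never points back to disk
		}
		chain = append(chain, next.Coord+"@"+next.Source)
		cur = next
	}
	return chain
}
// sample: mid exists locally; top exists only upstream and names a relativePath
// that is present locally, which must be ignored once top was fetched upstream.
func sample() (Resolver, POM) {
	r := Resolver{
		Local: map[string]POM{
			"../pom.xml":          {Coord: "org.ex:mid:1", Source: "local", Parent: &Parent{Coord: "org.ex:top:1"}},
			"../../other/pom.xml": {Coord: "org.ex:base:1", Source: "local"},
		},
		Upstream: map[string]POM{
			"org.ex:mid:1":  {Coord: "org.ex:mid:1", Source: "upstream", Parent: &Parent{Coord: "org.ex:top:1"}},
			"org.ex:top:1":  {Coord: "org.ex:top:1", Source: "upstream", Parent: &Parent{Coord: "org.ex:base:1", RelativePath: "../../other/pom.xml"}},
			"org.ex:base:1": {Coord: "org.ex:base:1", Source: "upstream"},
		},
	}
	return r, POM{Coord: "org.ex:app:1", Source: "local", Parent: &Parent{Coord: "org.ex:mid:1", RelativePath: "../pom.xml"}}
}
func main() { r, root := sample(); fmt.Println(r.MergeParents(root, true, 10)) }
```

With allowLocal starting true the walk resolves mid from disk, fetches top upstream, and then takes base from upstream even though top's relativePath names a file that exists locally; with allowLocal false (the dependency management import case) every parent comes from upstream.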

codecov-commenter commented 3 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 65.17%. Comparing base (f2a30a8) to head (cf8acae). Report is 8 commits behind head on main.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1027      +/-   ##
==========================================
+ Coverage   65.04%   65.17%   +0.13%     
==========================================
  Files         149      149              
  Lines       12252    12342      +90     
==========================================
+ Hits         7969     8044      +75     
- Misses       3835     3847      +12     
- Partials      448      451       +3     
```
