[BUG/performance] Serialization/Deserialization check for safe classes adds performance overhead

[krishna-ggk]

What is the bug?
While debugging latency contributors in an OpenSearch 2.13 cluster using JDK serialization, we noticed SafeSerializationUtils.isSafeClass adds ~20% overhead to latency although it isn't as visible in flamegraphs (0.02%) (This was validated by short circuiting isSafeClass to return).

What is the expected behavior?
It seems like a very low hanging fruit to gain significant performance benefit.

[cwperks]

[Triage] Thanks for the issue @krishna-ggk and associated flame graph. 20% overhead sounds quite high for a method that is just to lookup a classname in a list of allowed class names. This sounds like it would be a good performance benefit if it can be optimized securely. Marking this issue as triaged.