See <https://bugs.openjdk.java.net/browse/JDK-8175094> and <https://bugs.openjdk.java.net/browse/JDK-8191138>.
Need to understand how this affects public Oak APIs, and what to do with them on Java 12 (which will be an LTS release we probably need to support with Oak 1.10).
Empty PrincipalProvider cache breaks membership collection
Introduce replacement for java.security.acl.Group
Remove all usage of java.security.acl.Group for Java 14
java.security.acl deprecated in Java 10, marked for removal in Java 12