When setting a java.security.Policy if the Java version is below 24 this can be set globally as normal, for 24 or later we will need to maintain our own static reference as Java 24 no longer allows this to be set.

For getting we should have come kind of PolicyUtil we can get, this will in turn wrap the java.security.Policy that is obtained based on the Java version as per part 1. This PolicyUtil will just need two methods, implies and refresh.

This PolicyUtil wrapper is important as this will enable us to swap out the Policy API used by Jakarta Authorization 3.0.0 and our callers will be able to continue to use this generic API.

The JaccDelegatingPolicy implementation should also be updated, only on Java versions below Java 24 should it obtain the existing Policy to wrap - from Java 24 and later it should skip that step. To fail safely if it is not wrapping an existing Policy object the fallback behaviour should be to return false.