Check that Find sec bugs running on Groovy projects can find as many bugs as on Java

The find-sec-bugs-groovy analyzer doesn't pick up as many vulnerabilities as the gradle analyzer.

tests/fixture/app contains a vulnerable app; with the Groovy version, FSB doesn't detect CIPHER_INTEGRITY vulnerabilities. This casts doubt on the usefulness of the tool: if it doesn't find vulnerabilities, it can give a false sense of security.

We should look into this and test what vulnerabilities FSB can find on Groovy files; making a test project demonstrating them would be a nice thing to have.
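A minimal Groovy fixture of the kind proposed above, added here as an illustration and not taken from tests/fixture/app or the analyzer project; the class and method names are assumed. One method uses a cipher mode that Find Security Bugs' CIPHER_INTEGRITY detector is meant to flag (CBC gives no authentication of the ciphertext), the other an authenticated mode (GCM) that should produce no such finding, so a scan of this file gives a clear pass/fail signal for the Groovy analyzer:

```groovy
import javax.crypto.Cipher
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.IvParameterSpec
import java.security.SecureRandom

// Hypothetical fixture class: name and methods are assumed, not project code.
class CipherIntegrityFixture {
    static final SecureRandom RNG = new SecureRandom()

    // Expected finding: CIPHER_INTEGRITY. CBC provides confidentiality only;
    // nothing authenticates the ciphertext (FSB also reports PADDING_ORACLE here).
    static byte[] encryptCbc(SecretKey key, byte[] plaintext) {
        byte[] iv = new byte[16]
        RNG.nextBytes(iv)
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv))
        return concat(iv, cipher.doFinal(plaintext))
    }

    // Expected: no CIPHER_INTEGRITY finding. GCM appends an authentication tag,
    // so tampering with the ciphertext is detected on decryption.
    static byte[] encryptGcm(SecretKey key, byte[] plaintext) {
        byte[] nonce = new byte[12]
        RNG.nextBytes(nonce)
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce))
        return concat(nonce, cipher.doFinal(plaintext))
    }

    // Prepend the IV/nonce so a decrypting side can recover it.
    private static byte[] concat(byte[] a, byte[] b) {
        byte[] out = new byte[a.length + b.length]
        System.arraycopy(a, 0, out, 0, a.length)
        System.arraycopy(b, 0, out, a.length, b.length)
        return out
    }

    static void main(String[] args) {
        KeyGenerator kg = KeyGenerator.getInstance("AES")
        kg.init(256)
        SecretKey key = kg.generateKey()
        byte[] msg = "constructed fixture payload".getBytes("UTF-8")
        println "CBC output length: ${encryptCbc(key, msg).length}"
        println "GCM output length: ${encryptGcm(key, msg).length}"
    }
}
```

Compiling this file with the Groovy compiler and running FSB over the resulting class should report CIPHER_INTEGRITY on encryptCbc only; a clean report on the whole file reproduces the gap described in this issue.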
