SEC-1903: Use a static CRLF Pattern in FirewalledResponse

The Pattern was being recompiled for every request
when a single instance could be shared for performance
reasons.

web/src/main/java/org/springframework/security/web/firewall/FirewalledResponse.java

@@ -9,7 +9,7 @@ import java.util.regex.Pattern;
  * @author Luke Taylor
  */
 class FirewalledResponse extends HttpServletResponseWrapper {
-    Pattern CR_OR_LF = Pattern.compile("\\r|\\n");
+    private static final Pattern CR_OR_LF = Pattern.compile("\\r|\\n");
 
     public FirewalledResponse(HttpServletResponse response) {
         super(response);