Add SAXReader sec features to match the defaults ...
In relevance to https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658
the default SAXReader contains the following features :
The default SAXReader in the new dom4j version, has these security defaults.
I think it would be a good idea, not to use fewer security SAXReader features than the default one.
Maybe additional features are needed.