Change default of `DeserializationFeature.FAIL_ON_TRAILING_TOKENS` to `true` for 3.0

[yawkat]

imo it is better to fail by default here. If you're parsing line-delimited json, you'll notice immediately if you forget to turn off FAIL_ON_TRAILING_TOKENS. However in the other direction, if it was off by default and you forget to turn it on, you probably would never notice (few people test for failures), which could also open up the door to parsing differential vulnerabilities in an application.

See discussion on #3400

[cowtowncoder]

Have not yet decided but will include in "potentially for 3.0.0" list, will bring up on discussion (to be created).

[JooHyukKim]

Though the rationale here makes sense (and the one from #3400), this seems to be have similar aspects to #493 about FAIL_ON_UNKNOWN_PROPERTIES feature.

So main opposing idea would be the Postel's Law saying...

"be conservative in what you do, be liberal in what you accept from others".

... at the moment I don't have strong opinion on either side yet. I wish we could invite over the same crowd from #493 for discussion 😅.

[cowtowncoder]

See discussion at FasterXML/jackson-future-ideas#74 wrt whether to make proposed change in 3.0.0.

[cowtowncoder]

Proposal approved: can proceed with this change.