Defensively copy array returned from TypeDescriptor

Update the internal proxy used in `TypeDescriptor` so that it returns a
cloned array for calls to `getDeclaredAnnotations` or `getAnnotations`.

Closes gh-22695

Author: philwebb

spring-core/src/main/java/org/springframework/core/convert/TypeDescriptor.java

@@ -765,7 +765,7 @@ public <T extends Annotation> T getAnnotation(Class<T> annotationClass) {
 
 		@Override
 		public Annotation[] getAnnotations() {
-			return (this.annotations != null ? this.annotations : EMPTY_ANNOTATION_ARRAY);
+			return (this.annotations != null ? this.annotations.clone() : EMPTY_ANNOTATION_ARRAY);
 		}
 
 		@Override

spring-core/src/test/java/org/springframework/core/convert/TypeDescriptorTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2019 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -168,6 +168,13 @@ public void parameterAnnotated() throws Exception {
 		assertEquals(123, t1.getAnnotation(ParameterAnnotation.class).value());
 	}
 
+	@Test
+	public void getAnnotationsReturnsClonedArray() throws Exception {
+		TypeDescriptor t = new TypeDescriptor(new MethodParameter(getClass().getMethod("testAnnotatedMethod", String.class), 0));
+		t.getAnnotations()[0] = null;
+		assertNotNull(t.getAnnotations()[0]);
+	}
+
 	@Test
 	public void propertyComplex() throws Exception {
 		Property property = new Property(getClass(), getClass().getMethod("getComplexProperty"),