PDFBOX-4505: unify the usage of a XMLParser (DRY) to avoid a XML External Entity (XXE) attack as reported by Kurt Boberg of DocuSign CVE-2019-0228