Disable Java RMI remote classloading for CVE-2013-1537

Change effective on 17 April 2013

A security bug in OpenJDK allows remote code execution via RMI. JVM-based apps (e.g. Java, Scala, Clojure) will receive an update to address the security bug the next time you push to Heroku. The -Djava.rmi.server.useCodebaseOnly=true system property will automatically be set on the app. If you wish to override this setting, you can do so in JAVA_OPTS or in your application’s Procfile.