
Conversation

@pjfanning (Member)

  • Experiment related to [Java] add more defensive version of deserialize(byte, class) #2391
  • Very unlikely to ever get merged, but I would like to support users who carefully write their classes to make them strongly typed, minimising the risks of deserialization attacks. With strongly typed classes, and with us checking that the input bytes match the expected type, in theory those careful users wouldn't need to go through the tedium of writing class checkers or registering all the classes they need.
  • This version is still naive and is possibly at risk of having an attacker hide a dangerous class instance nested inside the main class. I will add structured test classes to test this out.
  • So far, the implementation changes are small and do not add much overhead, because the ClassInfo is already looked up when I do the checks.

@pjfanning pjfanning requested a review from chaokunyang as a code owner July 8, 2025 13:39
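As an added illustration (not code from this PR or from Fury), the same idea expressed with standard `java.io` serialization and an `ObjectInputFilter`: the allow-list is derived from the expected class's own field graph, so a carefully written, strongly typed class needs no hand-written class checker, and an instance of some other class nested inside an `Object`-typed field, the case the description flags as a remaining risk, is rejected before it is instantiated. The class and type names (`TypedDeserializer`, `Order`, `LineItem`, `Unrelated`) are constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.HashSet;
import java.util.Set;

// Illustration only (not Fury code): derive the allowed class set from the
// expected type's own field graph, then refuse anything else on the stream.
public final class TypedDeserializer {

    // Expected class, its superclasses, and every type reachable through
    // non-static, non-transient instance fields; arrays are unwrapped.
    static Set<Class<?>> reachableTypes(Class<?> root) {
        Set<Class<?>> seen = new HashSet<>();
        collect(root, seen);
        return seen;
    }

    private static void collect(Class<?> c, Set<Class<?>> seen) {
        while (c.isArray()) c = c.getComponentType();
        if (c.isPrimitive()) return;
        for (Class<?> k = c; k != null; k = k.getSuperclass()) {
            if (!seen.add(k)) return; // this class and its ancestors were already walked
            for (Field f : k.getDeclaredFields()) {
                int m = f.getModifiers();
                if (Modifier.isStatic(m) || Modifier.isTransient(m)) continue;
                collect(f.getType(), seen);
            }
        }
    }

    // Read `bytes` as exactly `expected`. Any class on the stream outside the
    // expected type graph, including one hidden in an Object-typed field, is
    // rejected by the filter before it is instantiated.
    public static <T> T deserialize(byte[] bytes, Class<T> expected)
            throws IOException, ClassNotFoundException {
        Set<Class<?>> allowed = reachableTypes(expected);
        ObjectInputFilter filter = info -> {
            Class<?> c = info.serialClass();
            if (c == null) return ObjectInputFilter.Status.UNDECIDED; // depth/reference checks carry no class
            while (c.isArray()) c = c.getComponentType();
            return c.isPrimitive() || allowed.contains(c)
                    ? ObjectInputFilter.Status.ALLOWED : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(filter);
            Object o = in.readObject();
            if (!expected.isInstance(o)) { // top-level object must be the requested type
                throw new InvalidClassException(o == null ? "null" : o.getClass().getName(),
                        "top-level object is not a " + expected.getName());
            }
            return expected.cast(o);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    // Constructed sample types: a strongly typed Order, plus one unrelated
    // Serializable class that must never be accepted when an Order is expected.
    static final class LineItem implements Serializable {
        private static final long serialVersionUID = 1L;
        final String sku; final int qty;
        LineItem(String sku, int qty) { this.sku = sku; this.qty = qty; }
    }
    static final class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String id; final LineItem[] items;
        final Object attachment; // the weak spot: an instance of any type fits here
        Order(String id, LineItem[] items, Object attachment) {
            this.id = id; this.items = items; this.attachment = attachment;
        }
    }
    static final class Unrelated implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    public static void main(String[] args) throws Exception {
        Order ok = deserialize(serialize(new Order("o-1", new LineItem[] {new LineItem("sku-1", 2)}, null)), Order.class);
        System.out.println("accepted: " + ok.id + ", items=" + ok.items.length);
        try { // right class graph, wrong top-level type
            deserialize(serialize(new LineItem("sku-2", 1)), Order.class);
        } catch (InvalidClassException e) { System.out.println("rejected top-level: " + e.getMessage()); }
        try { // right top-level type, unexpected class nested in the Object-typed field
            deserialize(serialize(new Order("o-2", new LineItem[0], new Unrelated())), Order.class);
        } catch (InvalidClassException e) { System.out.println("rejected nested: " + e.getMessage()); }
    }
}
```

The allow-list is only as strong as the declared field types: generics are erased, so a field declared as `List<LineItem>` or as an interface admits only the declared type, not the concrete collection or element classes the stream actually carries, and a class with a custom `writeObject` can put types on the stream that its field graph never declares. Those gaps are the reason "strongly typed" has to mean concrete field types here, and they are the kind of nested-instance cases the structured tests mentioned in the description would need to cover.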
