config-tools: replace xml.etree.ElementTree with defusedxml.ElementTree

Using xml.etree.ElementTree to parse the untrusted data is known to
raise security issue. Replaced it using defusedxml.

Tracked-On: #6342
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>

doc/getting-started/building-from-source.rst

@@ -80,7 +80,7 @@ ACRN.
           xsltproc \
           clang-format
 
-     sudo pip3 install lxml xmlschema
+     sudo pip3 install lxml xmlschema defusedxml
 
      wget https://acpica.org/sites/acpica/files/acpica-unix-20210105.tar.gz
      tar zxvf acpica-unix-20210105.tar.gz

doc/getting-started/getting-started.rst

@@ -180,7 +180,7 @@ Build the ACRN Hypervisor on Ubuntu
         xsltproc \
         clang-format
 
-      $ sudo pip3 install lxml xmlschema
+      $ sudo pip3 install lxml xmlschema defusedxml
 
 #. Starting with the ACRN v2.2 release, we use the ``iasl`` tool to
    compile an offline ACPI binary for pre-launched VMs while building ACRN,

misc/config_tools/config_app/requirements

@@ -2,3 +2,4 @@ Flask==1.1.1
 flask_bootstrap==3.3.7.1
 xmlschema==1.4.1
 lxml==4.6.2
+defusedxml==0.7.1

misc/config_tools/library/common.py

@@ -8,7 +8,7 @@ import sys
 import getopt
 import shutil
 import subprocess # nosec
-import xml.etree.ElementTree as ET
+import defusedxml.ElementTree as ET
 import re
 import lxml