At some point in the near future (Java 16 has been mentioned as a possibility), it's likely that we will be forced to run on JVMs where the default illegal access setting is "deny" (rather than "permit" as it is today). In order to be sure we are good module citizens, we need to start testing against this mode.

This may make sense to apply to all our Java 9+ test runs today since they should be doing the right module things already. As we go forward we would continue to transition green test suites to running on a 9+ VM with access=deny, and then when the switch is thrown we'd be ready.

Ideally we should shoot for full modularization and at least a few suites running with access=deny by 9.3.