Switch from `org.lz4:lz4-java` to `at.yawk.lz4:lz4-java` due to CVE-2025-12183 & CVE-2025-66566.

[mjschwaiger]

Switch from org.lz4:lz4-java to at.yawk.lz4:lz4-java and update version >1.8.0 >=1.10.1 of lz4-java due to CVE-2025-12183 and CVE-2025-66566.

org.lz4:lz4-java library is discontinued and a fork at.yawk.lz4:lz4-java maintained by the community (@yawkat) was established.

• lz4-java repo seems lack of maintainers lz4/lz4#1346
• https://github.com/yawkat/lz4-java

Vulnerability CVE-2025-12183:

• https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183
• https://security.snyk.io/vuln/SNYK-JAVA-ORGLZ4-14151788

Also discussed in Apache projects:

• https://issues.apache.org/jira/browse/KAFKA-19951
• https://issues.apache.org/jira/browse/CASSANDRA-21052

See also pull request #992.

[ChrSchmidtHRO]

There is another CVE-2025-66566.
at.yawk.lz4:lz4-java should then be updated to 1.10.1.