Upgrade / replace Log4j Library

[misilot]

We are getting reports from our security folks that they are detecting log4j 1.2.17

Would this be able to be replaced with maybe slf4j-reload4j?

[kshepherd]

@misilot we did something similar with DSpace 6.x, since other constraints meant we could not upgrade log4j itself. However, in recent versions of DSpace application we are able to use log4j >= 2.23.1 and avoid having to use reload4j -- is that something we could do here too, or do we need to support old java versions, and other dependencies?

(or branch off into a legacy branch, with reload4j drop in, and a main branch with modern jdk requirements and other dependency version bumps including log4j)

[misilot]

I'd be happy with either way! I just don't have a great Java background, so was looking for a drop in replacement to make our security folks happy. (Part of it was my build layers w/ Docker that I was able to fix as well)