
fix: resolve snyk vulnerabilities#87

Open
stevecl5 wants to merge 1 commit into master from scl/update-dependencies

Conversation

Contributor

@stevecl5 stevecl5 commented Mar 3, 2026

Summary of Changes

Dependency Updates

Updated plugins and core dependencies, including:

  • Coppuccino 5.x -> 6.2.1
  • Vogue 2.+ -> 3.0.2
  • Lettuce Core 6.2.0.RELEASE -> 6.2.7.RELEASE

These updates resolved the following Snyk vulnerabilities:
TBA

Dependency Cleanup & Fixes:

  • Natively Resolves CVEs: Updated io.lettuce:lettuce-core to 6.2.7.RELEASE, which natively resolves CVE-2022-41915 (Netty vulnerability). This allowed for the removal of the manual io.netty:netty-handler version override in :store-redis.

Gradle Project Improvements

This PR aligns the path-facilities configuration with the modern architectural standards recently established in path-core and path-mdx-model.

Root Project (build.gradle)

  • Centralized Testing Inheritance: Moved testImplementation "com.mx.path-core:testing" into the root subprojects block so all facility modules natively inherit the standardized test framework.
  • Centralized Publishing & Signing: Decoupled publication definitions from metadata decoration. Universally applies POM metadata and dynamic signing to all published artifacts via the root subprojects block. (Also fixed a legacy copy-paste bug where the POM URL incorrectly pointed to path-core).
  • Variable Standardization: Renamed pathSDKVersion to pathCoreVersion and bumped the range to [6.0,7.0) to align with the core ecosystem.
  • Modernized Task Configuration: Replaced legacy afterEvaluate blocks for spotlessApply and subdependencies with lazy task configuration.
  • Global Toolchains: Replaced sourceCompatibility and targetCompatibility by enforcing Java 17 globally using the modern java { toolchain { ... } } API.
  • Simplified Artifacts: Replaced manual package tasks (sourcesJar, packageJavadoc) with the native java { withSourcesJar(); withJavadocJar() } DSL.

Sub-Projects (store-redis, store-vault, message-broker-nats, etc.)

  • Version Stripping: Removed hardcoded versions for commons-codec and slf4j libraries, allowing them to strictly inherit the centralized coordinates from the path-core BOM constraints.
  • Testing Boilerplate Removal: Removed redundant declarations of mockito-inline, spock-core, and slf4j-simple across all sub-projects. These are now provided seamlessly by root inheritance and the modernized path-core:testing API.
  • Ext Block Scoping: Updated the local ext variable block in fault-tolerant-executor-resilience4j to explicitly use project.ext.resilience4jVersion for safer scope resolution.
  • Cleaned Configuration: Removed redundant excludePreReleaseVersions = true lines from local coppuccino blocks, as this is now handled centrally.

Platform BOM (platform)

  • Simplified BOM: Stripped out redundant pom { ... } metadata blocks and manual signing tasks. The project now strictly acts as a java-platform to cleanly expose the path-facilities constraints to external consumers.

Public API Additions/Changes

N/A

Downstream Consumer Impact

N/A

How Has This Been Tested?

Verified that the BOM generates correctly, dependencies resolve cleanly, and vulnerabilities are minimized by running snyk test --all-projects --exclude=build.

Snyk scan results
TBA

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works

build: update plugins and dependencies

build: clean up gradle configuration files
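As an added illustration of the root-build pattern the description lists (it is not code from this PR or from the path-facilities repository), the following root build.gradle puts testing inheritance, the Java 17 toolchain, sources/javadoc jars, POM decoration, signing and lazy task configuration in one subprojects block. The BOM coordinate com.mx.path-core:platform, the group, the project URL, the license and the GPG environment variable names are assumptions; only com.mx.path-core:testing and the [6.0,7.0) range come from the PR text.

```groovy
// build.gradle (root) -- hypothetical example, not the repository's own file.
// com.mx.path-core:platform, com.example.path-facilities, the URL, the license
// and the GPG_* variables are assumed names.
ext {
    // A range, not a pin: every path-core artifact resolves through the BOM.
    pathCoreVersion = '[6.0,7.0)'
}

subprojects {
    apply plugin: 'java-library'
    apply plugin: 'maven-publish'
    apply plugin: 'signing'

    group = 'com.example.path-facilities'   // assumed group

    java {
        // Toolchain replaces sourceCompatibility/targetCompatibility and fails
        // the build when no Java 17 is available, instead of silently compiling
        // with whichever JDK happens to run Gradle.
        toolchain {
            languageVersion = JavaLanguageVersion.of(17)
        }
        // Built-in replacement for hand-written sourcesJar/javadocJar tasks.
        withSourcesJar()
        withJavadocJar()
    }

    dependencies {
        // The BOM supplies versions for the path-core artifacts, so subprojects
        // declare "com.mx.path-core:testing" without a version of their own.
        implementation platform("com.mx.path-core:platform:${pathCoreVersion}")
        testImplementation 'com.mx.path-core:testing'
    }

    // A range such as [6.0,7.0) resolves to whatever is newest at build time.
    // Locking makes the artifact Snyk scanned the one that actually ships.
    dependencyLocking {
        lockAllConfigurations()
    }

    publishing {
        publications {
            mavenJava(MavenPublication) {
                from components.java
            }
        }
        // Metadata decoration is separate from publication definition: it
        // applies to every MavenPublication, including ones a subproject adds.
        publications.withType(MavenPublication).configureEach {
            pom {
                name = project.name
                url = 'https://github.com/example/path-facilities'   // assumed
                licenses {
                    license { name = 'MIT' }                          // assumed
                }
            }
        }
    }

    signing {
        // Key material comes from CI secrets, never from the repository.
        useInMemoryPgpKeys(System.getenv('GPG_SIGNING_KEY'),
                           System.getenv('GPG_SIGNING_PASSPHRASE'))
        // Only demand a key when something is actually being published.
        required { gradle.taskGraph.allTasks.any { it.name == 'publish' } }
        sign publishing.publications
    }

    // Lazy configuration instead of afterEvaluate: the closure runs only when
    // a matching task is realised, and nothing is forced to exist eagerly.
    tasks.withType(JavaCompile).configureEach {
        options.encoding = 'UTF-8'
    }
    tasks.withType(Javadoc).configureEach {
        options.addStringOption('Xdoclint:none', '-quiet')
    }
}
```

After dropping a manual override such as the io.netty:netty-handler one in :store-redis, confirm what actually lands on the runtime classpath with `./gradlew :store-redis:dependencyInsight --dependency io.netty:netty-handler --configuration runtimeClasspath`; the output should show one selected version contributed by lettuce-core, with no "forced" or "selected by rule" marker left over. With locking enabled, `./gradlew dependencies --write-locks` writes the gradle.lockfile that pins the range for subsequent builds and scans.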
