
fix: include security patches for plugin dependencies#83

Merged
stevecl5 merged 1 commit into master from scl/bump-plugin-dependencies
Feb 27, 2026

Conversation

@stevecl5
Contributor

@stevecl5 stevecl5 commented Feb 27, 2026

Summary of Changes

Added dependency constraints for plugin dependencies to address multiple known security vulnerabilities. By adding the constraints in the plugin itself, consumers will not need to override these dependencies in their own build.gradle files.

Also added compile-only dependencies for SpotBugs annotations to consumers. We were previously providing these through path-core:common, but including them in the plugin that introduces SpotBugs is a more logical choice. This solution also avoids adding unnecessary runtime dependencies.

Finally, I cleaned up the Gradle configuration files to remove redundancies and deprecated syntax.

Public API Additions/Changes

N/A

Downstream Consumer Impact

Downstream consumers will automatically have dependency constraints added to their Gradle project for org.apache.commons:commons-lang3, org.apache.logging.log4j:log4j-core, and org.jetbrains.kotlin:kotlin-stdlib. These constraints set minimum versions to address known vulnerabilities introduced by checkstyle, spotbugs, pmd, and detekt.

Consumers no longer need to explicitly add the com.github.spotbugs:spotbugs-annotations dependency in their build.gradle files and can safely delete them.

There are no breaking changes to consumer APIs, and no forced migration steps are required.

How Has This Been Tested?

I pulled a snapshot version of this plugin into multiple projects (vogue, path-connector-globalcu, path-accessor-okta) to verify the constraint overrides and classpath injections.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
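The mechanism the description refers to, a plugin that declares version constraints and a compile-only annotation dependency on behalf of its consumers, is illustrated below. This is an added example, not the plugin's own code from this PR: the class name is hypothetical, the minimum versions are placeholders because the PR text does not state them, and the example assumes the plugin is built with the `org.gradle.kotlin.kotlin-dsl` plugin so that Gradle `Action` lambdas take the configured object as receiver.

```kotlin
import org.gradle.api.Plugin
import org.gradle.api.Project

// Hypothetical plugin class; the real plugin's class name is not given on the page.
class DependencyHardeningPlugin : Plugin<Project> {

    // Coordinates are the three named in the PR description. The versions are
    // placeholders: the PR text says minimum versions are pinned but not which ones.
    private val minimumVersions = mapOf(
        "org.apache.commons:commons-lang3" to "<MIN_COMMONS_LANG3_VERSION>",
        "org.apache.logging.log4j:log4j-core" to "<MIN_LOG4J_CORE_VERSION>",
        "org.jetbrains.kotlin:kotlin-stdlib" to "<MIN_KOTLIN_STDLIB_VERSION>",
    )

    override fun apply(project: Project) {
        // Configurations such as implementation/compileOnly only exist once a JVM
        // plugin is applied, so defer until the consumer has applied "java".
        project.pluginManager.withPlugin("java") {
            with(project.dependencies.constraints) {
                for ((coordinates, minimum) in minimumVersions) {
                    // A constraint raises the resolved version when the dependency
                    // is already on the graph (e.g. pulled in transitively by a
                    // static-analysis tool) but adds nothing when it is absent.
                    add("implementation", coordinates) {
                        version { require(minimum) }
                        because("security patches for plugin dependencies (PR #83)")
                    }
                }
            }
            // SpotBugs annotations are only needed at compile time, so compileOnly
            // keeps them off the consumer's runtime classpath.
            project.dependencies.add(
                "compileOnly",
                "com.github.spotbugs:spotbugs-annotations:<SPOTBUGS_ANNOTATIONS_VERSION>",
            )
        }
    }
}
```

A consumer can confirm the constraint took effect without editing its own build.gradle by running `./gradlew dependencyInsight --configuration runtimeClasspath --dependency commons-lang3`, which reports the selected version and the "because" reason attached to the constraint. Because constraints only apply to dependencies already present in the graph, the check should be run on a project that actually pulls the library in transitively.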

feat: provide spotbugs annotations to consumers

build: clean up gradle configuration files
@stevecl5 stevecl5 merged commit 25bc4b2 into master Feb 27, 2026
7 checks passed
@stevecl5 stevecl5 deleted the scl/bump-plugin-dependencies branch February 27, 2026 16:38