
Update fortify-ci-tools to use FortifyVulnerabilityExporter 1.5.3, which is not vulnerable to log4j

PLEASE SEE UPDATE FROM 20220121 WHICH INCLUDES ALL RELEVANT/UPDATED INFORMATION

We updated our Docker image to fortifydocker/fortify-ci-tools:3.4.0-jdk-11, which uses FortifyVulnerabilityExporter 1.5.2. You can see that info in the latest Docker image release: https://hub.docker.com/r/fortifydocker/fortify-ci-tools

FortifyVulnerabilityExporter version 1.5.2 implemented a change to switch to a new Fortify API client version (https://github.com/fortify/FortifyVulnerabilityExporter/commit/62eda7aec19f0148a65594b6329b07dd7a71396c). But the 6.1.2 release of the Fortify API client leverages log4j 2.16.0, which is still vulnerable to the log4j vulnerability. The latest version of log4j being recommended by Maven is 2.17.1, which was released on Dec. 27 (after the release of FortifyVulnerabilityExporter 1.5.2). It looks like the community supporting this API client needs to make a change to leverage the new log4j 2.17.1 instead of 2.16.0.

Please also see the attached screenshot of the Fortify 6.1.2 API client, which shows it using 2.16.0 with 2.17.1 being available.

[attached screenshot: fortify_api_client]

We need to update to the docker image that utilizes log4j 2.17.0.

Please let me know if any additional information is needed or if there are any questions.

Edited by Jason Duquain
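The problem reported above is a transitive dependency (log4j-core) pinned below the fixed release inside a client library that the Docker image bundles. A practical way to confirm what a build actually ships is to open the JARs themselves rather than trust the declared dependency tree. The following scanner is an added example, not code from fortify-ci-tools, FortifyVulnerabilityExporter, or the Fortify API client: it reads the Maven `pom.properties` that log4j-core carries inside its JAR, also looks one level into JARs nested inside a fat JAR, and flags anything below a minimum version. The two JARs it scans are constructed in a temp directory with hypothetical names; the `2.17.1` floor is taken from the report, not from any project policy.

```python
"""Find bundled log4j-core versions in JARs (including JARs nested one level
inside fat/uber JARs) and flag any below a minimum fixed version.

Added, constructed example: it builds two small fake JARs in a temp directory
so the scanner can be exercised offline. Not code from the Fortify projects.
"""
import io
import os
import re
import tempfile
import zipfile

# Maven descriptor that log4j-core ships inside its own JAR.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MIN_FIXED = "2.17.1"  # floor this check enforces; taken from the report above


def parse_version(v):
    """Turn '2.16.0' into (2, 16, 0) so comparison is numeric, not lexical
    (a plain string compare would rank '2.9.1' above '2.17.1')."""
    return tuple(int(p) for p in re.findall(r"\d+", v)[:3])


def log4j_core_version(zf):
    """Return the log4j-core version declared in an open ZipFile, or None."""
    try:
        props = zf.read(POM_PROPERTIES).decode("utf-8", "replace")
    except KeyError:
        return None
    for line in props.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def scan_jar(path):
    """Return {jar_or_nested_entry: version} for every log4j-core found.

    The outer JAR is checked first, then every *.jar entry one level down,
    which is where fat JARs keep their embedded dependencies.
    """
    found = {}
    with zipfile.ZipFile(path) as zf:
        outer = log4j_core_version(zf)
        if outer:
            found[path] = outer
        for name in zf.namelist():
            if name.endswith(".jar"):
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    iv = log4j_core_version(inner)
                    if iv:
                        found[f"{path}!{name}"] = iv
    return found


def vulnerable(found, min_fixed=MIN_FIXED):
    """Subset of found whose log4j-core version is below min_fixed."""
    floor = parse_version(min_fixed)
    return {k: v for k, v in found.items() if parse_version(v) < floor}


def make_fake_jar(path, version, nested_name=None):
    """Write a constructed JAR carrying a log4j-core descriptor (test data only).
    With nested_name, the descriptor lives in an inner JAR, like a fat JAR."""
    props = (f"version={version}\ngroupId=org.apache.logging.log4j\n"
             f"artifactId=log4j-core\n")
    if nested_name:
        inner = io.BytesIO()
        with zipfile.ZipFile(inner, "w") as z:
            z.writestr(POM_PROPERTIES, props)
        with zipfile.ZipFile(path, "w") as z:
            z.writestr(nested_name, inner.getvalue())
    else:
        with zipfile.ZipFile(path, "w") as z:
            z.writestr(POM_PROPERTIES, props)


def demo():
    """Build two constructed JARs (hypothetical names) and report the one
    whose embedded log4j-core is below MIN_FIXED."""
    d = tempfile.mkdtemp()
    old = os.path.join(d, "fortify-client-old.jar")
    new = os.path.join(d, "fortify-client-new.jar")
    make_fake_jar(old, "2.16.0", nested_name="lib/log4j-core-2.16.0.jar")
    make_fake_jar(new, "2.17.1")
    report = {}
    for jar in (old, new):
        report.update(vulnerable(scan_jar(jar)))
    # Key by the outer JAR's file name for a readable report.
    return {os.path.basename(k.split("!")[0]): v for k, v in report.items()}


if __name__ == "__main__":
    for jar, ver in demo().items():
        print(f"{jar}: bundles log4j-core {ver} < {MIN_FIXED}")
```

Run it against the JARs extracted from the image (for example `docker cp` the tool's lib directory out of a container and pass each file to `scan_jar`) to see which version of log4j-core is really on the classpath; the numeric version compare matters because string comparison would wrongly pass some older releases.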