Investigate the presence of rexml < 3.3.9 on our release image

CVE-2024-49761 affects rexml < 3.3.9 in Ruby < 3.2. We are not affected because we run Ruby >= 3.2, however the version still comes up in security scans ran by users and it would be better if we could bump the version everywhere.

The rails app was patched in gitlab!171537 (merged) but we're still seeing other version numbers

$ find /opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems -maxdepth 1 -name 'rexml*'
/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/rexml-3.3.2
/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/rexml-3.3.9
/opt/gitlab/embedded/lib/ruby/gems/3.2.0/gems/rexml-3.2.9

cc @j.castillo @gitlab-com/gl-security/product-security/appsec