Update common to 2.1.6

What does this MR do?

Bump common dependency to version: v2.1.6

Primary difference is that v2.1.5 introduces a more stable vulnerability order, but I bumped it to the latest anyway:

❯ _gl_diff_reports test/expect/gl-sast-report.json test/fixtures/gl-sast-report.json
ERROR: vulnerability order has changed

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer