AVRO-3874: Bump minimum Newtonsoft version

[zcsizmadia]

What is the purpose of the change

• Bump Newtonsoft version to fix vulnerabity issues (AVRO-3874)*
  GHSA-5crp-9r3c-p9vr

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Documentation

• Does this pull request introduce a new feature? (no)
• If yes, how is the feature documented? (not applicable)

[KalleOlaviNiemitalo]

A similar change was rejected in #1160. Even if Apache.Avro depends on a lower version of Newtonsoft.Json, applications that use it can add a direct dependency on the latest version.

Would the stack overflow be exploited via a malicious schema, or via malicious data? If the latter, then I don't think just upgrading Newtonsoft.Json will suffice, as PreresolvingDatumReader<T> also works recursively and does not seem to implement any depth limits.

[zcsizmadia]

That pr was rejected IMO before the severe vulnerability was discovered.I think this bump needs to happen because of the high severity of the issue. The new NET 8 compiler will warn about using the vulnerable version.