switch to at.yawk.lz4:lz4-java due to CVE-2025-12183

https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183

the existing jar groupId is no longer maintained and the CVE is a high risk one

The new jar uses the same package names as the original jar so the change only really involves changing your build files