fix CVE-2021-28965 via rubocop (direct dependency) upgrade. document it

[bhamail]

IQ Server discovered a vulnerability in one of our components.

I upgraded the vulnerable component, and left a trail of bread crumbs through the forest.

Please holler if I've suggested anything horrific.

cc @bhamail / @DarthHater / @brittanybelle / @gmohre

[DarthHater]

@bhamail I sent this to @lomky and @colinxfleming, who are both Ruby veterans and awesome people (who I think you remember), you might get some feedback from them!

[bhamail]

@lomky I made the big long bundle output text collapsed by default. Hopefully that is better (I kinda wanted to keep the details of the different approaches available for the morbidly curious).

[colinxfleming]

Good explanation of the moving pieces here I think, and covers viable approaches - looks good to my eyes, whatever that's worth!