chore(dependencies): use version 2.20.0 of log4j-bom

to stay up to date

spinnaker-dependencies/spinnaker-dependencies.gradle

@@ -57,8 +57,8 @@ dependencies {
  */
  // Log4shell safeguard. Per analysis, log4j-core is not included in dependencies, but this would prevent transitive inclusion of it by extension
  // platforms. Doing 2.16.0 which completely removes message lookups AND sets jndi to disabled by default
- // 2.16.0 is subject to CVE-2021-45105. 2.17.0 is subject to CVE-2021-44832, so use 2.17.1.
- api(platform("org.apache.logging.log4j:log4j-bom:2.17.1"))
+ // 2.16.0 is subject to CVE-2021-45105. 2.17.0 is subject to CVE-2021-44832, so use >= 2.17.1.
+ api(platform("org.apache.logging.log4j:log4j-bom:2.20.0"))
 
  //Upgrade of spring boot 2.5.x brings groovy 3.x as transitive dependency.
  //To avoid transitive upgrade of groovy, pinning it with enforcedPlatform() closure.