GH-5060: use more recent version of zookeeper to fix CVE

[barthanssens]

GitHub issue resolved: # 5060

Briefly describe the changes proposed in this PR:

• use a newer version of zookeeper for fix CVE

---

PR Author Checklist (see the contributor guidelines for more details):

• my pull request is self-contained
• I've added tests for the changes I made
• I've applied code formatting (you can use mvn process-resources to format from the command line)
• I've squashed my commits where necessary
• every commit message starts with the issue number (GH-xxxx) followed by a meaningful description of the change

[hmottestad]

What version of zookeeper are we using today? And where is zoo-keeper being used do you know?

[barthanssens]

What version of zookeeper are we using today? And where is zoo-keeper being used do you know?

Via solr-sorlj version 3.6.2 is used (or at least, zookeeper is distributed in the 5.0 SDK), not sure if it is actually used (i.e. started) when using the Solr Index Sail ...

[hmottestad]

Maven is supposed to choose the highest version number when there is a conflict, so hopefully the next time we update solr then it will choose the zookeeper version from solr if it's higher.

I don't really trust that though. So maybe you can add a comment to the Pom to explain that we are only specifying the version here because solr version x.x.x has a transitive dependency for zookeeper that is has a vulnerability?