Security fixes from the forked repo

[sam-caldwell]

1. fixed directory traversal detections
2. move log4j to slf4j and bump versions

[thedeadliestcatch]

This breaks some of the tests and contains typos, FYI. LOGGER -> logger, a few missing parentheses, and leftover level parameters where they are no longer supported (slf4j's info() does not take a level argument).

[thedeadliestcatch]

Also the directory traversal "fixes" do not comment sufficiently what you are trying to fix, since the path is an UUID-based path randomly generated with no user-controlled components. The only one that is more obvious is the 'zip slip', but it is also debatable whether the applied fix will cover all cases.

I added comments to specific commits but I will summarize those here:

• YaraException handling is eliminated where it is actually needed. You remove Throwable and replace it with the IO-specific IOException, instead of handling these in a more fine-grained manner. This breaks unit tests.
• The repeated instances for the slf4j dependency in pom.xml are unnecessary.
• The refactoring for Logger use is incomplete. slf4j needs a LoggerFactory.

The PR also will fail to build as-is (the unit testing will fail).

Not nitpicking here but yara-java needs quite a bit of work and a PR filed without proper verification can mislead people. I'm working with others to bring it up to speed.