Please don't merge, I will merge it myself.

While we are not affected by CVE-2021-4428 as we are only using the
Log4j2 API and not the implementation which contains the security flaw,
security scanners are known to not always be as fine grained as we would
have liked and we don't want Quarkus to be reported as unsafe because of
false positives.

(cherry picked from commit aead1da0e08a4fc8f57036de83afc78ad472c072)