Task | Resolution: Done | Major | subs-swatch-lightning | Swatch Lightning Sprint 5
We need to remove a Netty dependency override that's causing OpenTelemetry traces to fail when using the gRPC protocol.
Currently, we're overriding the netty-codec-http2 version in the root pom.xml to address CVE-2023-44487. However, this override forces version 4.2.6.Final while Quarkus uses 4.1.128.Final for most other Netty modules. This version mismatch causes a NoClassDefFoundError: io/netty/util/concurrent/Ticker when OpenTelemetry tries to export traces via gRPC, because the Ticker class only exists in Netty 4.2.x but other parts of the stack expect 4.1.x:
Failed to export TraceRequestMarshaler. The request could not be executed. Full error message: io/netty/util/concurrent/Ticker
The good news is that CVE-2023-44487 was fixed in much older versions of Netty, and both 4.1.128.Final and 4.2.6.Final are already patched. This means we can safely remove the override and let Quarkus manage the Netty versions consistently.
By removing this override, we'll fix the OpenTelemetry gRPC exporter and eliminate the version conflict, while still maintaining security since the vulnerability is already addressed in the versions Quarkus uses by default.
The only workaround so far is to use the HTTP/Protobuf protocol instead of gRPC.
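A quick way to confirm the mismatch before and after the pom.xml change is to parse `mvn dependency:tree -Dincludes=io.netty` output and flag any Netty artifacts resolved to more than one version. The script below is an added example, not part of this ticket or the rhsm-subscriptions repository; the embedded tree output is constructed to mirror the 4.2.6.Final / 4.1.128.Final split described above, and the `io.quarkus` version in it is a placeholder.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `mvn dependency:tree -Dincludes=io.netty` output that
# reproduces the mismatch from the ticket. Not real build output; the Quarkus
# version is a placeholder.
SAMPLE_TREE = """\
[INFO] --- dependency:3.6.1:tree (default-cli) @ swatch-example ---
[INFO] com.example:swatch-example:jar:1.0.0-SNAPSHOT
[INFO] +- io.quarkus:quarkus-grpc:jar:3.0.0:compile
[INFO] |  +- io.netty:netty-codec-http2:jar:4.2.6.Final:compile
[INFO] |  +- io.netty:netty-handler:jar:4.1.128.Final:compile
[INFO] |  \\- io.netty:netty-common:jar:4.1.128.Final:compile
[INFO] +- io.netty:netty-transport-classes-epoll:jar:4.1.128.Final:compile
[INFO] \\- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.128.Final:compile
"""

# Maven prints groupId:artifactId:type[:classifier]:version:scope for each node.
DEP_RE = re.compile(
    r"(?P<group>[A-Za-z0-9_.\-]+):(?P<artifact>[A-Za-z0-9_.\-]+):(?P<type>[a-z\-]+)"
    r"(?::(?P<classifier>[A-Za-z0-9_.\-]+))?:(?P<version>[A-Za-z0-9_.\-]+):(?P<scope>[a-z]+)\s*$"
)


def parse_tree(tree_text, group_prefix="io.netty"):
    """Return {artifactId: version} for every resolved dependency whose groupId
    starts with group_prefix. The root project line has no scope and is skipped."""
    found = {}
    for line in tree_text.splitlines():
        m = DEP_RE.search(line)
        if m and m.group("group").startswith(group_prefix):
            found[m.group("artifact")] = m.group("version")
    return found


def version_conflicts(tree_text, group_prefix="io.netty"):
    """Group artifacts by resolved version. More than one key means the
    classpath mixes Netty releases, which is what breaks the gRPC exporter."""
    by_version = defaultdict(list)
    for artifact, version in parse_tree(tree_text, group_prefix).items():
        by_version[version].append(artifact)
    return dict(by_version)


if __name__ == "__main__":
    # Pass a saved dependency:tree file as argv[1]; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TREE
    conflicts = version_conflicts(text)
    if len(conflicts) > 1:
        print("Mixed Netty versions on the classpath:")
        for version, artifacts in sorted(conflicts.items()):
            print(f"  {version}: {', '.join(sorted(artifacts))}")
    else:
        print("Netty versions are consistent.")
```

After the override is removed, every `io.netty` artifact should resolve to the single version managed by the Quarkus BOM and the script reports no conflict.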
Acceptance Criteria
- Remove the section where we override the netty-codec-http2 dependency
- Remove the workaround with comments
SWATCH-4288 added in https://github.com/RedHatInsights/rhsm-subscriptions/pull/5264 - Regression testing only