@testisnullus testisnullus commented Oct 10, 2025

This PR upgrades SafeYAML, Logback, and Guava to address CVEs and improve library security posture.
Across CircleCI pipelines, there are no new functional regressions, though the Logback bump introduced tracing test failures.
Overall, changes are low-risk and safe to proceed once tracing-related tests are stabilized.

🔍 Cassandra CircleCI Pipeline Comparison (6075–6077)

| Aspect | 6075: cassandra-4.1.10.ic-circle-ci | 6074: ic-cves-fix (SafeYAML) | 6076: ic-cves-fix (Logback 1.2.13) | 6077: ic-cves-fix (Guava 32.0.1) |
|---|---|---|---|---|
| Key Changes | Baseline run | SafeYAML | Logback 1.2.9 → 1.2.13 | Guava 27.0 → 32.0.1 |
| Build Stage | ✅ OK | ✅ OK | ✅ OK | ✅ OK |
| Unit Tests (j11_pre-commit_tests) | ✅ Pass | ❌ 4 fails (diff30, diff40, diff41, diff311) | ❌ same 4 fails | ❌ same 4 fails |
| CQLSH Tests | ~14 fails | ~14 fails | ~17 fails ➕ tracing-related | ~17 fails (same tracing) |
| DTests | ~100 / 998 fail | ~101 / 959 fail | ~101 / 1041 fail | ~99 / 996 fail |
| Vnode DTests | ~56 / 912 fail | ~58 / 914 fail | ~58 / 880 fail | ~58 / 880 fail |
| Regression Risk | Reference baseline | ✅ Safe | ⚠️ Moderate (tracing) | ⚠️ Moderate (tracing, due to Logback changes I think) |

📊 Summary

| Type | Finding |
|---|---|
| 🧩 SafeYAML replacement (6074) | No new regressions (unit tests failing due to a 3MB YAML file size limit) |
| 🪵 Logback bump (6076) | Introduced new tracing test failures |
| 🍃 Guava bump (6077) | No new failures |
| 🧱 Baseline (6075) | Stable reference for comparison |

@testisnullus testisnullus self-assigned this Oct 10, 2025
@testisnullus testisnullus force-pushed the cassandra-4.1.10.ic-cves-fix branch 2 times, most recently from 0cca068 to f0c13ac on October 11, 2025 20:25
@testisnullus testisnullus changed the title Snakeyaml was replaced by safeyaml, logback version was bumped Snakeyaml was replaced by safeyaml, logback and Guava versions were bumped Oct 11, 2025
mattsheppard-instaclustr commented Oct 14, 2025

Looks sensible to me, thanks for your analysis on the tests - I would not think we will actually want to merge this onto cassandra-4.1.10.ic though - I think we will want a specific branch to keep these changes in separate from the managed service version.
