fix CVE-2023-2976 and upgrade guava to be consistent

[Zhangxunmt]

Description

There is a guava vulnerability #1862.

There are 2 use cases in the code base that use older version of guava:

1. A dependency of Gradle plugin. spotless.
2. A dependency of Gradle core plugin checksytle.

Also, the guava dependencies are not consistent in ML-Commons. The latest version used is 32.1.2.
So to address the problems, this PR set dependency resolution strategy to use guava version 32.1.2-jre for all Gradle projects.

Verified that after this PR, my local cache under ./gradle/caches/modules-2/files-2.1/com.google.guava only contains the 32.1.2 version.

Also after the code change, it can be seen that only the newer version of guava is being used.

Issues Resolved

[List any issues this PR will resolve]

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (ddebae7) 82.55% compared to head (453c1c4) 82.55%.

Additional details and impacted files

@@            Coverage Diff            @@
##               main    #2009   +/-   ##
=========================================
  Coverage     82.55%   82.55%           
- Complexity     5577     5578    +1     
=========================================
  Files           540      540           
  Lines         22445    22445           
  Branches       2286     2286           
=========================================
  Hits          18530    18530           
+ Misses         2984     2982    -2     
- Partials        931      933    +2     

Flag	Coverage Δ
ml-commons	82.55% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-2009-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 cbce450ad70608999eb77255a64d61b35dffc7e5
# Push it to GitHub
git push --set-upstream origin backport/backport-2009-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-2009-to-2.x.