Cruise control version 2.5.143 fixed CVE-2025-48734 by adding a Gradle dependency constraint to override a transitive vulnerability in Kafka 3.9.1/4.0.0 (see https://github.com/linkedin/cruise-control/pull/2286/files#diff-49a96e7eea8a94af862798a45174e6ac43eb4f8b4bd40759b5da63ba31ec3ef7R311).
Since such local dependency overrides are not published to Maven, projects that import cruise control from Maven will need to repeat this override, resulting in issues such as strimzi/strimzi-kafka-operator#12284.
Since this is a transitive dependency of Kafka that got fixed in later versions (see https://issues.apache.org/jira/browse/KAFKA-19359), it would be great if you can update the Kafka dependency and remove the dependency override.
Going forward, additional dependency overrides are expected. It would be great if cruise control would also publish to Maven a BOM file that can include these overrides for projects importing cc from Maven.