Maven BOMs do not respect provider specification order #105

@henryptung

The docs indicate that:

If more than one recommender defines a recommended version for a module, the last recommender specified will win.

However, the mavenBomProvider is always added first in the provider order, and it is never moved:

https://github.com/nebula-plugins/nebula-dependency-recommender-plugin/blob/master/src/main/groovy/netflix/nebula/dependency/recommender/provider/RecommendationProviderContainer.java#L59
https://github.com/nebula-plugins/nebula-dependency-recommender-plugin/blob/master/src/main/groovy/netflix/nebula/dependency/recommender/provider/RecommendationProviderContainer.java#L129

This causes surprising behavior if you try to rely on provider order semantics as documented.

A workaround is to use addFirst to force low-priority providers before the mavenBomProvider in the stack.

Either documentation should be updated to note the different semantics of mavenBom, or the code should be changed to move mavenBom to the end of the list on invocation.
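
The mismatch reported above, as an added example that is not part of the original issue and not the plugin's code: a simplified Python model that compares the winner promised by declaration order with the winner when the BOM provider is pinned first. The function names, the `add_first` parameter and the sample recommendations are assumptions made for illustration.

```python
# Simplified model of the ordering described in this issue; not the plugin's code.
# All names and the sample recommendations below are constructed for illustration.
BOM = "mavenBom"


def effective_order(declared, add_first=()):
    """Order per the issue: the BOM provider is pinned at the front and never
    moved; providers registered with addFirst are inserted ahead of it."""
    order = [p for p in declared if p[0] == BOM]
    for provider in declared:
        if provider[0] == BOM:
            continue
        if provider[0] in add_first:
            order.insert(0, provider)
        else:
            order.append(provider)
    return order


def resolve(order):
    """Documented rule: the last provider recommending a module wins."""
    winners = {}
    for name, recs in order:
        for module, version in recs.items():
            winners[module] = (version, name)
    return winners


def order_drift(declared, add_first=()):
    """Modules whose winner differs from what declaration order promises."""
    expected = resolve(declared)
    actual = resolve(effective_order(declared, add_first))
    return {m: {"expected": expected[m], "actual": actual[m]}
            for m in expected if expected[m] != actual[m]}


# Constructed build: the BOM is declared last, so the author expects it to win.
DECLARED = [
    ("map", {"com.example:lib": "1.0.0"}),
    (BOM, {"com.example:lib": "1.0.1", "com.example:other": "2.0"}),
]

if __name__ == "__main__":
    print(order_drift(DECLARED))                     # BOM's version is ignored
    print(order_drift(DECLARED, add_first={"map"}))  # workaround: no drift
```

A non-empty result marks modules where the build resolves a different version than the build script's ordering suggests, which is worth checking whenever a BOM is relied on to carry a patched version.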
