Commit 710bf7b

Copilot, gygrobot and clue-bot authored
CHK-13427: fix: upgrade io.netty to 4.2.13.Final (GHSA-38f8-5428-x5cv) (#362)
* Initial plan

* chore: initial plan for GHSA-38f8-5428-x5cv netty-codec-http fix

Agent-Logs-Url: https://github.com/getyourguide/openapi-validation-java/sessions/9f2405ce-d78a-4d99-a122-3e3e307f9f05

Co-authored-by: gygrobot <19344429+gygrobot@users.noreply.github.com>

* fix: upgrade io.netty to 4.2.13.Final to address GHSA-38f8-5428-x5cv HTTP Request Smuggling

Agent-Logs-Url: https://github.com/getyourguide/openapi-validation-java/sessions/9f2405ce-d78a-4d99-a122-3e3e307f9f05

Co-authored-by: gygrobot <19344429+gygrobot@users.noreply.github.com>

* revert: restore gradlew.bat CRLF line endings from main

The gradlew.bat was inadvertently modified to use LF line endings during the security fix commit. This restores the original CRLF line endings to match main and avoid unnecessary diff noise.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: gygrobot <19344429+gygrobot@users.noreply.github.com>
Co-authored-by: clue-bot <bot@getyourguide.com>
1 parent b72a965 commit 710bf7b

1 file changed

Lines changed: 4 additions & 0 deletions

build.gradle

@@ -35,6 +35,10 @@ subprojects {
3535
useVersion('11.0.22')
3636
because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6 / GHSA-gx5v-xp9w-j4cg: Apache Tomcat < 11.0.22 vulnerabilities')
3737
}
38+
if (requested.group == 'io.netty' && requested.version != null && requested.version < '4.2.13.Final') {
39+
useVersion('4.2.13.Final')
40+
because('GHSA-38f8-5428-x5cv: HTTP Request Smuggling in io.netty:netty-codec-http via malformed Transfer-Encoding headers')
41+
}
3842
}
3943
}
4044
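
Review bot: the guard `requested.version < '4.2.13.Final'` on added line 38 compares two strings, so the ordering is lexicographic rather than by version number. A requested version such as '4.2.9.Final' does not compare as lower than '4.2.13.Final' (character '9' sorts after '1') and would be left as it is, while something like '4.10.0.Final' would compare as lower and be forced down to 4.2.13.Final. Parse the version into numeric components before comparing. The same line matches on `requested.group == 'io.netty'` alone, which also catches artifacts in that group that are not versioned with Netty itself, for example netty-tcnative on its 2.0.x line, where `useVersion('4.2.13.Final')` asks for a release that does not exist; it also moves any 4.1.x consumer onto the 4.2 line. Consider restricting the rule by `requested.name` to the modules that share the Netty 4.x version, and noting in the `because(...)` text that 4.1.x requests are deliberately moved to 4.2.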
