Closed twagoo closed 1 year ago
The latest version for log4j 1.x has known vulnerabilities that we cannot expect to be addressed (v1.x is officially out of maintenance). Since we use slf4j, all we should need to do is switch the binding and migrate the log configurations.
Log4j2 seems to be the better choice.
Migration guide from log4j 1.x
Since VLO 4.10.2, logging has been upgraded to log4j 2.x.
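The binding switch described in this issue, sketched as an added example that is not taken from the VLO repository. It assumes a Maven build; the `com.example:some-library` coordinates and the version placeholder are hypothetical.

```xml
<!-- Added example: assumed Maven pom.xml fragment, not the project's own build file. -->
<properties>
  <!-- Placeholder: set to a currently maintained Log4j 2.x release. -->
  <log4j2.version>REPLACE_WITH_MAINTAINED_2.x_RELEASE</log4j2.version>
</properties>

<dependencies>
  <!-- Before: SLF4J bound to log4j 1.x. Remove both artifacts.
  <dependency>
    <groupId>org.slf4j</groupId>
    <artifactId>slf4j-log4j12</artifactId>
  </dependency>
  <dependency>
    <groupId>log4j</groupId>
    <artifactId>log4j</artifactId>
  </dependency>
  -->

  <!-- After: SLF4J 1.7.x bound to Log4j 2.x.
       With SLF4J 2.x the binding artifact is log4j-slf4j2-impl instead. -->
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-slf4j-impl</artifactId>
    <version>${log4j2.version}</version>
  </dependency>
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>${log4j2.version}</version>
  </dependency>

  <!-- A library that still pulls in log4j 1.x transitively (hypothetical
       coordinates): exclude the old jars so they cannot return to the classpath. -->
  <dependency>
    <groupId>com.example</groupId>
    <artifactId>some-library</artifactId>
    <version>1.0</version>
    <exclusions>
      <exclusion><groupId>log4j</groupId><artifactId>log4j</artifactId></exclusion>
      <exclusion><groupId>org.slf4j</groupId><artifactId>slf4j-log4j12</artifactId></exclusion>
    </exclusions>
  </dependency>
</dependencies>
```

After the change, `mvn dependency:tree -Dincludes=log4j:log4j` should list no matches. The old `log4j.properties` files are not read by Log4j 2.x and need to be rewritten as `log4j2.xml` (or `log4j2.properties`) following the migration guide.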