[FLINK-31859][build] Update cyclonedx-maven-plugin from 2.7.3 to 2.7.7

[snuyanzin]

What is the purpose of the change

The PR updates cyclonedx-maven-plugin

there are at least a couple of issues fixing by this update

1. cyclonedx-maven-plugin depends on cyclonedx-core-java 7.2.1 which depends on jackson-dataformat-xml and jackson-databind 2.14.0 containig memory issue ObjectMapper default heap consumption increased significantly from 2.13.x to 2.14.0 FasterXML/jackson-databind#3665
2. current version has issues with other locales while pom reading and leads to lots of traces in logs e.g. after mvn clean verify for flink-core (maven 3.8.6)

[ERROR] An error occurred attempting to read POM
org.codehaus.plexus.util.xml.pull.XmlPullParserException: UTF-8 BOM plus xml decl of ISO-8859-1 is incompatible (position: START_DOCUMENT seen <?xml version="1.0" encoding="ISO-8859-1"... @1:42) 
    at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDeclWithVersion (MXParser.java:3423)
    at org.codehaus.plexus.util.xml.pull.MXParser.parseXmlDecl (MXParser.java:3345)
    at org.codehaus.plexus.util.xml.pull.MXParser.parsePI (MXParser.java:3197)
    at org.codehaus.plexus.util.xml.pull.MXParser.parseProlog (MXParser.java:1828)
    at org.codehaus.plexus.util.xml.pull.MXParser.nextImpl (MXParser.java:1757)
    at org.codehaus.plexus.util.xml.pull.MXParser.next (MXParser.java:1375)
    at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:3940)
    at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:612)
    at org.apache.maven.model.io.xpp3.MavenXpp3Reader.read (MavenXpp3Reader.java:627)
    at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:759)
    at org.cyclonedx.maven.BaseCycloneDxMojo.readPom (BaseCycloneDxMojo.java:746)

Verifying this change

This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

• Dependencies (does it add or upgrade a dependency): (yes )
• The public API, i.e., is any changed class annotated with @Public(Evolving): ( no)
• The serializers: ( no )
• The runtime per-record code paths (performance sensitive): ( no)
• Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: ( no)
• The S3 file system connector: ( no )

Documentation

• Does this pull request introduce a new feature? ( no)
• If yes, how is the feature documented? (not applicable )

[flinkbot]

CI report:

• ce69182 Azure: SUCCESS

Bot commands

The @flinkbot bot supports the following commands:

• @flinkbot run azure re-run the last Azure build

[MartijnVisser]

LGTM % CI passing

[snuyanzin]

Thanks for having a look!