MINOR: suppress dependencycheck warning for CVE-2023-35116 (apache#14460

)

Like in most projects, this attack cannot be achieved by an external
attacker in Kafka.

Reviewers: Josep Prat <josep.prat@aiven.io>

build.gradle

@@ -755,6 +755,9 @@ subprojects {
     task reportCoverage(dependsOn: [coverageGen])
   }
 
+  dependencyCheck {
+    suppressionFile = "$rootDir/gradle/resources/dependencycheck-suppressions.xml"
+  }
 }
 
 gradle.taskGraph.whenReady { taskGraph ->

gradle/resources/dependencycheck-suppressions.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress>
+    <notes><![CDATA[
+      The attack described in CVE-2023-35116, like in most application, cannot
+      be achieved by an external attacker.
+    ]]></notes>
+    <cve>CVE-2023-35116</cve>
+  </suppress>
+</suppressions>