Bump Log4j2 to 2.15.0

This is RE: the 0-day vulnerability in Log4j2.
This Mock is (probably) never used in production, and it's not using
Log4j2 for logging (Spring Boot uses SLF4j as an API and Logback for
logging), but still - just updating to make sure we do not pollute our
user's classpaths with vulnerable libraries.

As per
https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot