This was set to false because engin code never let a stop using a connection without releasing it. However, extensions like custom page might do that (even if it's not recommended to use bonita datasource to do sql queries)

Remove deprecated `removeAbandoned` property.

Closes [RUNTIME-918](https://bonitasoft.atlassian.net/browse/RUNTIME-918)
Closes [RUNTIME-862](https://bonitasoft.atlassian.net/browse/RUNTIME-862)

* bump tomcat version to  9.0.58 to fix cve
[CVE-2022-23181](https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9)

[Changelog](http://groovy-lang.org/changelogs/changelog-3.0.9.html)

Studio uses the 3.0.9 in the backstage, so it would be cleaner to have aligned versions between groovy-eclipe and runtime.

I let you decide if it is too risky to update before the RC

That valve is now used in docker image AND in the bundle tomcat.

It's easier to have it here to simplify code deposit: the docker image only
require the sources and the tomcat bundle zip. Nothing else and nothing needs to be compiled.

* bump tomcat version to  9.0.58 to fix cve
[CVE-2022-23181](https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9)

The sed was not working since we use alpin and it was no more useful because tomcat already read the JAVA_OPTS env property.

Closes [RUNTIME-841](https://bonitasoft.atlassian.net/browse/RUNTIME-841)

* add SP docker tests: test basic-auth on http-api
* fix bundle tests basic-auth on http-api : expect 404 cause HTTP_API=false
* fix cargo tests, add basic auth to http connection

Covers [RUNTIME-560](https://bonitasoft.atlassian.net/browse/RUNTIME-560)

the command  `hostname -I` doesn't exist in alpine, the good one is `hostname -i`;

to mitigate returned info to possible malicious hacker

Before:
```
curl -i 'http://localhost:8080/bonita/login.jsp?redirectUrl=|'
HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: fr
Content-Length: 1950
Date: Mon, 07 Feb 2022 15:10:05 GMT
Connection: close

<!doctype html><html lang="fr"><head><title>État HTTP 400 – Requête invalide</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>État HTTP 400 – Requête invalide</h1><hr class="line" /><p><b>Type</b> Rapport d'exception</p><p><b>message</b> Un caractère invalide a été trouvé dans la cible de la requête, les caractères valides sont définis dans RFC 7230 et RFC 3986</p><p><b>description</b> La requête envoyée par le client était syntaxiquement incorrecte.</p><p><b>exception</b></p><pre>java.lang.IllegalArgumentException: Un caractère invalide a été trouvé dans la cible de la requête, les caractères valides sont définis dans RFC 7230 et RFC 3986
    org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:494)
    org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:269)
    org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:895)
    org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1732)
    org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    java.base&#47;java.lang.Thread.run(Thread.java:829)
</pre><p><b>note</b> La trace complète de la cause mère de cette erreur est disponible dans les fichiers journaux de ce serveur.</p><hr class="line" /><h3>Apache Tomcat/9.0.56</h3></body></html>%                                                                             ╭─manu@laptop-manu ~/workspace/bonita-distrib-sp git:(security/hide_tomcat_version_in_bundle*)
```

After:
```
curl -i 'http://localhost:8080/bonita/login.jsp?redirectUrl=|'
HTTP/1.1 400
Content-Type: text/html;charset=utf-8
Content-Language: fr
Content-Length: 445
Date: Mon, 07 Feb 2022 15:10:48 GMT
Connection: close

<!doctype html><html lang="fr"><head><title>État HTTP 400 – Requête invalide</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>État HTTP 400 – Requête invalide</h1></body></html>%
```

Closes [RUNTIME-603](https://bonitasoft.atlassian.net/browse/RUNTIME-603)

* fix(resources): restore deleted resources files

The files were deleted by 3210c124d7c6d9518a5fb259e5898afae1f0df96

Restore them, as they are apparently needed by the build procedure.

* Delete app-details.less

Co-authored-by: abirembaut <anthony.birembaut@gmail.com>

Our internal repository was mirroring restlet repository, it's not the case anymore.

Fix it by adding restlet repo to the pom

Set the system property `bonita.runtime.logger.sysout` to `Console` or `Console-JSON`

By default the bundle does not log to the system out.

Closes [RUNTIME-795](https://bonitasoft.atlassian.net/browse/RUNTIME-795)

We were using other dependencies.

The dependency is directly in /lib/bonita folder, that's why we exclude it from the war.

* use now  [eclipse-temurin](https://hub.docker.com/_/eclipse-temurin?tab=description) instead of adoptjdk as base docker image that is now the official docker images supported by dockerhub.

If we log both to console and `bonita.log` file, when we start the tomcat
bundle using `startBonita.sh`, it makes logs written both to
`bonita.log` and `catalina.out`. It's better to only log to `bonita.log`
This was the behavior since at least 7.11

That change must be documented because when running the bundle using
`catalina.sh run` it does not log to the console anymore.

bump tomcat version to 9.0.56 to fix cve [CVE-2021-42340](https://security.netapp.com/advisory/ntap-20211104-0001/)

Relates to [RUNTIME-688](https://bonitasoft.atlassian.net/browse/RUNTIME-688)

* bump log4j2 to 2.17.1 to fix cve [cve-2021-44832](https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/)

* bump log4j2 version to integrate last log4j2 fixe of [CVE-2021-45105](https://logging.apache.org/log4j/2.x/security.html)