Update lz4-java from 1.10.2 to 1.10.4

[pan3793]

Summary

ClickHouse Java Client switched to at.yawk.lz4:lz4-java for security reasons, but it unintentionally introduced performance regression.

https://github.com/yawkat/lz4-java/releases/tag/v1.10.4

These changes attempt to fix the native performance regression in 1.9+. They should have no functional or security impact.

See the benchmark reports in Apache Celeborn and Apache Spark projects

• CELEBORN-2218 / [CELEBORN-2218] Bump lz4-java version from 1.8.0 to 1.10.4 to resolve CVE‐2025‐12183 and CVE-2025-66566 apache/celeborn#3555
• SPARK-55803 / [SPARK-55803][BUILD] Bump lz4-java 1.10.4 to bring back performance apache/spark#54585

Checklist

• Unit and integration tests covering the common scenarios were added
• A human-readable description of the changes was provided to include in CHANGELOG
• For significant changes, documentation in https://github.com/ClickHouse/clickhouse-docs was updated with further explanations or tutorials

---

Note

Low Risk
Low risk version bump, but it changes the underlying LZ4 implementation and could affect compression/decompression performance or behavior at runtime.

Overview
Updates the Maven-managed lz4-java dependency version to 1.10.4 (from 1.10.2) via the lz4.version property in pom.xml.

^{Written by Cursor Bugbot for commit e656506. This will update automatically on new commits. Configure here.}