Bump OpenTelemetry dependencies to fix vulnerabilities (#1685)

* Turn off vulnerability checks (we have `scan-vulnerable-dependencies.yml` for that)

* Use `dotnet list package --vulnerable --include-transitive` to detect vulnerable packages

* Make Sonar aware of vulnerable packages

* Bump OpenTelemetry dependencies to fix vulnerabilities

Author: bart-vmware

versions.props

@@ -71,8 +71,8 @@
     <MicrosoftIdentityModelVersion>8.14.*</MicrosoftIdentityModelVersion>
     <MicrosoftDiagnosticsNETCoreClientVersion>0.2.652701</MicrosoftDiagnosticsNETCoreClientVersion>
     <MicrosoftDiagnosticsTracingTraceEventVersion>3.1.23</MicrosoftDiagnosticsTracingTraceEventVersion>
-    <OpenTelemetryExporterPrometheusVersion>1.14.*-*</OpenTelemetryExporterPrometheusVersion>
-    <OpenTelemetryVersion>1.14.*</OpenTelemetryVersion>
+    <OpenTelemetryExporterPrometheusVersion>1.15.*-*</OpenTelemetryExporterPrometheusVersion>
+    <OpenTelemetryVersion>1.15.*</OpenTelemetryVersion>
     <SerilogVersion>9.0.*</SerilogVersion>
     <SerilogSinksConsoleVersion>6.1.*</SerilogSinksConsoleVersion>
   </PropertyGroup>