Upgrade picard, gatk, fgbio, snpeff to eliminate Java fat JAR CVEs

- picard=2.25.6 → picard>=3.1.1 (eliminates log4j-core 2.5 Log4Shell + 13H)
- gatk=3.8 → gatk4>=4.5.0.0 (eliminates log4j 1.x)
- fgbio>=2.2.1 → fgbio>=2.3.0 (eliminates commons-io 2.7 CVE)
- snpeff=5.1 → snpeff=5.2 (eliminates jackson-databind, gson, commons-io CVEs)

Conda solver resolves cleanly on both amd64 and arm64.
Python code changes (GATK3→4 API migration) will follow in a separate commit.

Author: dpark01

docker/requirements/core.txt

@@ -35,13 +35,13 @@ bedtools>=2.29.2
 bwa>=0.7.17
 cd-hit>=4.6.8
 fastqc>=0.11.7
-fgbio>=2.2.1
-gatk=3.8
+fgbio>=2.3.0
+gatk4>=4.5.0.0
 illumina-interop=1.5.0
 lbzip2>=2.5
 lz4-c>=1.8.3
 minimap2>=2.17
-picard=2.25.6
+picard>=3.1.1
 prinseq>=0.20.4
 sambamba>=1.0.1
 samtools>=1.21

docker/requirements/phylo.txt

@@ -4,5 +4,5 @@ lofreq>=2.1.5
 mafft>=7.508
 mummer4>=4.0.0rc1
 muscle=3.8.1551
-snpeff=5.1
+snpeff=5.2
 vphaser2>=2.0