Sbt 1.9.4 + Coursier 2.1.6 security fixes

There’s a new version of sbt and Coursier with security vulnerability fix for CVE-2022-46751.

The vulnerability was originally found and fixed in Apache Ivy, but similar issue was found in Coursier as well. The fix was backported to sbt’s Ivy fork and Coursier by @adpi2 at Scala Center. Any tooling using Coursier should upgrade to Coursier 2.1.6.