build/deps: upgrade libxml2 to v2.15.2 (CVE-2026-0990)

[tyson-redpanda]

Upgrades libxml2 from v2.14.6 to v2.15.2 to address CVE-2026-0990
(SNYK-UNMANAGED-LIBXML2-15010797): Uncontrolled Recursion via
xmlCatalogXMLResolveURI() when processing XML catalogs with
self-referencing delegate URI entries, which can cause stack exhaustion
and application crashes.

This PR depends on redpanda-data/vtools#4127 being merged first so the
artifact is available in S3.

Backports Required

• none - not a bug fix
• none - this is a backport
• none - issue does not exist in previous branches
• none - papercut/not impactful enough to backport
• v25.3.x
• v25.2.x
• v25.1.x

Release Notes

Bug Fixes

• Upgrade libxml2 to v2.15.2 to fix CVE-2026-0990 (Uncontrolled
  Recursion via xmlCatalogXMLResolveURI() in XML catalog processing).

FIXES=CORE-15341

[vbotbuildovich]

/backport v25.3.x

[vbotbuildovich]

/backport v25.2.x

[vbotbuildovich]

Failed to create a backport PR to v25.3.x branch. I tried:

git remote add upstream https://github.com/redpanda-data/redpanda.git
git fetch --all
git checkout -b backport-pr-29788-v25.3.x-369 remotes/upstream/v25.3.x
git cherry-pick -x f65ea2df4c a75077fe1b 15f4119d0f

Workflow run logs.

[vbotbuildovich]

Failed to create a backport PR to v25.2.x branch. I tried:

git remote add upstream https://github.com/redpanda-data/redpanda.git
git fetch --all
git checkout -b backport-pr-29788-v25.2.x-686 remotes/upstream/v25.2.x
git cherry-pick -x f65ea2df4c a75077fe1b 15f4119d0f

Workflow run logs.