[liblzma] port uses compromised version

**Describe the bug**
vcpkg updated liblzma to 5.6.0. This version is known as compromised and backdoored

https://nvd.nist.gov/vuln/detail/CVE-2024-3094
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

This is a solid 10.0 CVE score vulnerability

vcpkg should immediately revert from 5.6.0