Upgrade commons-collections to 3.2.2.

[Mike Kienenberger]

Before we do another release, let's upgrade our commons-collections
dependency to 3.2.2 as certain JSF configurations likely present
attack vectors.

https://issues.apache.org/jira/browse/COLLECTIONS-580