fix #1289: allowSchemeMismatch=true for tomcat server.xml

[stephanme]

Typically, tomcat runs behind a reverse proxy (gorouter) and TLS is terminated there. This leads to a scheme mismatch between the protocol reported in http headers and what tomcat actually sees. Due to https://bz.apache.org/bugzilla/show_bug.cgi?id=70091 http2 routes don't work anymore with tomcat 10.1.55 and 11.0.22.

Fix is to configure allowSchemeMismatch='true' for UpgradeProtocol in server.xml. Requires tomcat >=10.1.56 or 11.0.23.

[stephanme]

Tested using the demo app of #1289 and my https://github.com/sap-contributions/java-buildpack fork.

% cf push
...
Instances starting...

name:              hello-java
requested state:   started
routes:            hello-java-http1.cfapps.eu12.hana.ondemand.com, hello-java-http2.cfapps.eu12.hana.ondemand.com
last uploaded:     Tue 23 Jun 12:53:47 CEST 2026
stack:             cflinuxfs4
buildpacks:
	name                                                  version   detect output   buildpack name
	https://github.com/sap-contributions/java-buildpack   5.0.5     java            java
...

% curl https://hello-java-http1.cfapps.eu12.hana.ondemand.com
Server: Apache Tomcat/11.0.23
% curl https://hello-java-http2.cfapps.eu12.hana.ondemand.com
Server: Apache Tomcat/11.0.23