Resolve security vulnerabilities in Jackson and Central publishing plugin dependencies#458

Merged
frankgiordano merged 8 commits into main from unirest-jackson
Mar 30, 2026
Conversation

Collaborator

@frankgiordano frankgiordano commented Mar 30, 2026

Description

This PR addresses two dependency-related security issues identified by scanning tools.

  1. Jackson vulnerability via Unirest module

See #456

Updated the Unirest Jackson integration dependency to a newer version in order to pull in a patched Jackson stack and resolve the reported vulnerability tied to the previous Jackson-based dependency chain.

Updated dependency:

        <dependency>
            <groupId>com.konghq</groupId>
            <artifactId>unirest-modules-jackson-legacy</artifactId>
            <version>4.8.1</version>
        </dependency>
  2. CVE-2025-67030 via central-publishing-maven-plugin

See #457

Resolved the vulnerability associated with plexus-utils, which was being introduced through central-publishing-maven-plugin.

Changes made:

  • Removed central-publishing-maven-plugin from the main section since it is a build plugin, not a runtime dependency
  • Upgraded the plugin version in the ci-cd profile
  • Added an explicit plugin dependency override for a patched plexus-utils version

Summary of Changes

  • Updated Jackson-related Unirest module to address the reported security issue
  • Removed incorrect plugin declaration from project dependencies
  • Upgraded central-publishing-maven-plugin
  • Overrode plexus-utils in plugin scope to address CVE-2025-67030

Impact

  • Resolves the two reported security findings
  • Keeps publishing behavior scoped correctly to build/profile usage
  • No intended runtime functional changes outside dependency security remediation

Notes

A JSON parsing test failure surfaced after the Jackson-related upgrade; code changes were made to handle it.

Signed-off-by: Frank Giordano <giofr01@yahoo.com>
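The pom.xml shape the two plexus-utils changes above describe, as an added illustration rather than the project's own pom.xml: the plugin is removed from project `<dependencies>`, declared only under the ci-cd profile's build plugins, and given a plugin-scoped dependency override. The `OLD_PLUGIN_VERSION`, `NEW_PLUGIN_VERSION` and `PATCHED_PLEXUS_UTILS_VERSION` values are placeholders, since the PR does not state them; only the unirest-modules-jackson-legacy 4.8.1 version comes from the PR.

```xml
<!-- Added illustration, not the project's pom.xml. Plugin and plexus-utils
     versions are placeholders: take them from the advisory for CVE-2025-67030. -->
<project>
  <dependencies>
    <!-- Runtime dependency actually changed by the PR (version from the PR). -->
    <dependency>
      <groupId>com.konghq</groupId>
      <artifactId>unirest-modules-jackson-legacy</artifactId>
      <version>4.8.1</version>
    </dependency>
    <!-- BEFORE (removed): a build plugin declared as a runtime dependency.
         Its plexus-utils transitive dependency ended up on the consumer's
         classpath and in every scanner report.
    <dependency>
      <groupId>org.sonatype.central</groupId>
      <artifactId>central-publishing-maven-plugin</artifactId>
      <version>OLD_PLUGIN_VERSION</version>
    </dependency>
    -->
  </dependencies>

  <profiles>
    <profile>
      <id>ci-cd</id>
      <build>
        <plugins>
          <!-- AFTER: the plugin exists only in the publishing profile. -->
          <plugin>
            <groupId>org.sonatype.central</groupId>
            <artifactId>central-publishing-maven-plugin</artifactId>
            <version>NEW_PLUGIN_VERSION</version>
            <extensions>true</extensions>
            <!-- Plugin-scoped override: forces the patched plexus-utils into the
                 plugin's own classpath without touching project dependencies. -->
            <dependencies>
              <dependency>
                <groupId>org.codehaus.plexus</groupId>
                <artifactId>plexus-utils</artifactId>
                <version>PATCHED_PLEXUS_UTILS_VERSION</version>
              </dependency>
            </dependencies>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>
```

Because a plugin-scoped override does not appear in `mvn dependency:tree`, confirm it with `mvn -Pci-cd help:effective-pom` and check that the resolved plugin block carries the patched plexus-utils version.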
@frankgiordano frankgiordano self-assigned this Mar 30, 2026
@frankgiordano frankgiordano added enhancement New feature or request Improvement labels Mar 30, 2026
@frankgiordano frankgiordano marked this pull request as ready for review March 30, 2026 18:40
Improve error handling by providing more context in the exception message when parsing the TSO start response fails.

@frankgiordano frankgiordano merged commit a3a8bbd into main Mar 30, 2026
2 checks passed
@frankgiordano frankgiordano deleted the unirest-jackson branch March 30, 2026 18:59