
fix(security): upgrade jackson-databind to 2.13.5 (CVE-2022-42003) #151

Open

devin-ai-integration[bot] wants to merge 1 commit into main from devin/1781535436-fix-cve-2022-42003

Conversation

@devin-ai-integration


Summary

Upgrades the Jackson BOM from 2.13.1 → 2.13.5 to remediate CVE-2022-42003 (CVSS 7.5 — Denial of Service via deeply nested objects when UNWRAP_SINGLE_VALUE_ARRAYS is enabled).

Spring Boot 2.6.3 manages Jackson transitively at 2.13.1. The fix overrides the managed version via:

```groovy
ext {
    set('jackson-bom.version', '2.13.5')
}
```

This upgrades all com.fasterxml.jackson.* modules consistently through the BOM without changing any application code.

Closes #149

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/21b78071750748a18d1b428eace7c449
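The override above is shown in isolation. As an added example (not the PR's own build file), here is a minimal build.gradle for a Spring Boot 2.6.3 project that shows where the property sits relative to the plugin and dependency blocks, and how to confirm afterwards that the resolved jackson-databind version actually moved. The plugin versions, group, artifact coordinates and the dependencyInsight invocation are assumptions; only the `jackson-bom.version` override itself comes from the PR description.

```groovy
// Added example build.gradle, not the project's own file.
// Plugin versions, group/version and starters below are assumed.
plugins {
    id 'java'
    id 'org.springframework.boot' version '2.6.3'
    id 'io.spring.dependency-management' version '1.0.11.RELEASE'
}

group = 'com.example'        // assumed
version = '0.0.1-SNAPSHOT'   // assumed

repositories {
    mavenCentral()
}

// Spring Boot's dependency-management plugin takes the managed version of
// every Jackson module from the 'jackson-bom.version' property. Setting it
// replaces the plugin's default for Boot 2.6.3 (2.13.1) with 2.13.5 for the
// whole com.fasterxml.jackson.* family, so no single module is left at the
// vulnerable version while others move.
ext {
    set('jackson-bom.version', '2.13.5')
}

dependencies {
    // Versions are intentionally omitted: the BOM (now 2.13.5) supplies them.
    implementation 'org.springframework.boot:spring-boot-starter-web'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
}

// Verification after the change (assumed invocation, run from the project root):
//   ./gradlew dependencyInsight --dependency jackson-databind --configuration runtimeClasspath
// The report should list com.fasterxml.jackson.core:jackson-databind with
// 2.13.5 as the selected version. If 2.13.1 is still selected, the property
// did not reach the dependency-management plugin (for example, it was set in
// a different module of a multi-project build than the one being resolved).
```

In a multi-module build, put the `ext` block in the root project (or in each module that applies the dependency-management plugin) so every module resolves the same Jackson version; a module that keeps its own override stays on whatever it pins.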

…-42003

Override jackson-bom.version in build.gradle to pull in jackson-databind 2.13.5,
which resolves the Denial of Service vulnerability (CVSS 7.5) present in 2.13.1
when UNWRAP_SINGLE_VALUE_ARRAYS is enabled.

Closes #149
@devin-ai-integration


🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment, CI, and merge conflict monitoring
