[CTM-449] Update workbench libs for swagger-ui #4906

Merged
calypsomatic merged 3 commits into develop from bm/ctm-449_swagger May 18, 2026
@calypsomatic calypsomatic commented May 7, 2026

Jira ticket: https://broadworkbench.atlassian.net/browse/CTM-449

Summary of changes

What

  • Update workbench-oauth2 to 0.9-be59bd7 to pick up a swagger-ui security fix (5.26.2 → 5.32.1). The new workbench-libs commit is on the develop branch which had already bumped http4s from 0.23.33 to 1.0.0-M38, so we needed to upgrade Leonardo's own http4s dependencies to match. http4s-prometheus-metrics was bumped to its corresponding 1.0.0-M38 release, and http4s-ember-client was added as an explicit dependency since it's no longer pulled in transitively by workbench-libs at this version.

Why

Testing these changes

What to test

Who tested and where

  • This change is covered by automated tests
    • NB: Rerun automation tests on this PR by commenting jenkins retest or jenkins multi-test.
  • I validated this change
  • Primary reviewer validated this change
  • I validated this change in the dev environment

@calypsomatic calypsomatic changed the title update workbench libs and follow ons [CTM-449] Update workbench libs for swagger-ui May 7, 2026

codecov Bot commented May 7, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.08%. Comparing base (8c2428f) to head (a15e5f5).

@@           Coverage Diff            @@
##           develop    #4906   +/-   ##
========================================
  Coverage    74.08%   74.08%           
========================================
  Files          131      131           
  Lines        11100    11100           
  Branches       895      902    +7     
========================================
  Hits          8223     8223           
  Misses        2877     2877           

@calypsomatic calypsomatic marked this pull request as ready for review May 7, 2026 16:50
@calypsomatic calypsomatic requested a review from a team as a code owner May 7, 2026 16:50
@calypsomatic calypsomatic requested review from aednichols May 7, 2026 17:50
@TomConner

@calypsomatic A new vulnerability has been reported in DOMPurify 3.2.4; you may want to bump Swagger UI to 5.2.6 in this PR to get DOMPurify 3.4.0. I've updated https://broadworkbench.atlassian.net/browse/CTM-449.

(If you prefer, merge this PR as is, but a new bug will be needed with a due date of July 14.)

@calypsomatic

> @calypsomatic A new vulnerability has been reported in DOMPurify 3.2.4; you may want to bump Swagger UI to 5.2.6 in this PR to get DOMPurify 3.4.0. I've updated https://broadworkbench.atlassian.net/browse/CTM-449.
>
> (If you prefer, merge this PR as is, but a new bug will be needed with a due date of July 14.)

Since this requires updating workbench-libs to get to swagger-ui, I think I'll go ahead and merge this to get that first vulnerability fixed, and follow up on the next one later

@calypsomatic calypsomatic merged commit 6c51608 into develop May 18, 2026
15 checks passed
@calypsomatic calypsomatic deleted the bm/ctm-449_swagger branch May 18, 2026 19:16