chore: upgrade Jetty from 11.0.26 to 12.1.9 (ee10) (#147)

* chore: upgrade Jetty from 11.0.26 to 12.1.9 (ee10)

Migrate from Jetty 11 to Jetty 12.1.9 using ee10 servlet compatibility layer:
- Update hypertrace-bom catalog version to 0.3.79 (includes Jetty 12.1.9)
- Update jakarta-servlet-api from 6.0.0 to 6.1.0
- Update servlet imports from o.e.j.servlet.* to o.e.j.ee10.servlet.*
- Update servlets imports from o.e.j.servlets.* to o.e.j.ee10.servlets.*
- Fix setVirtualHosts(String[]) to setVirtualHosts(List<String>)
- Remove setShowServlet(false) (method removed in 12.1.x, behavior is now default)
- Change ErrorHandler variable type to ErrorHandler from ee10 package
- Regenerate all gradle lock files

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: suppress false positive CVE-2026-42154 for prometheus simpleclient

CVE-2026-42154 (CVSS 7.5) is a DoS vulnerability in the Prometheus
server's /api/v1/read remote read endpoint (Go binary, fixed in
v3.5.3 and v3.11.3). OWASP dependency-check incorrectly matches
io.prometheus:simpleclient* Java jars against the same CPE
(cpe:2.3:a:prometheus:prometheus) due to the shared "prometheus" name.

The Java simpleclient library is a metrics instrumentation library
and does not contain the affected remote read endpoint. This is a
confirmed false positive per NVD (https://nvd.nist.gov/vuln/detail/CVE-2026-42154)
which lists only the prometheus/prometheus Go server as affected.

References:
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-42154
- Fix PRs: prometheus/prometheus#18584, prometheus/prometheus#18585
- Advisory: GHSA-8rm2-7qqf-34qm

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Revert "fix: suppress false positive CVE-2026-42154 for prometheus simpleclient"

This reverts commit f95e9d0.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

 Add optional maxConnectionAge and maxConnectionAgeGrace support to G… (

#143)

* Add optional maxConnectionAge and maxConnectionAgeGrace support to GrpcPlatformServerDefinition

AI-Session-Id: c5dae67b-13fb-4369-80af-7b15a26bfbdf
AI-Tool: claude-code
AI-Model: unknown

* Change maxConnectionAge fields from seconds to Duration

chore: upgrade jetty version to 11.0.26 to fix CVE-2025-5115 (#138)

Update gradle locks (#127)

Co-authored-by: aaron-steinfeld <aaron-steinfeld@users.noreply.github.com>

chore: update java compatibility and fix vulnerability (#120)

ci: update repos (#119)

* ci: update repos

* ci: force rerun

upgrade document-store version (#118)

move to global suppression (#116)

Disable reporting of standard database metrics (#114)

refactor: update grpc, netty, jetty (#112)