
GEODE-10568: Remediation of CVE-2026-1605 and CVE-2025-11143 #7992

Open
JinwooHwang wants to merge 1 commit into apache:develop from JinwooHwang:feature/GEODE-10568


@JinwooHwang
Contributor

Summary

Remediation of CVE-2026-1605 and CVE-2025-11143. Upgrades the Jetty embedded web server from 12.0.27 to 12.0.33.

Changes

| File | Change |
| --- | --- |
| build-tools/geode-dependency-management/src/main/groovy/org/apache/geode/gradle/plugins/DependencyConstraints.groovy | Bumped jetty.version to 12.0.33 |
| geode-assembly/src/distributedTest/java/org/apache/geode/session/tests/GenericAppServerInstall.java | Updated hardcoded JETTY_VERSION constant to 12.0.33 |
| geode-assembly/src/integrationTest/resources/assembly_content.txt | Updated Jetty jar filenames in assembly snapshot |
| geode-assembly/src/integrationTest/resources/gfsh_dependency_classpath.txt | Updated Jetty jar filenames in gfsh classpath snapshot |
| geode-server-all/src/integrationTest/resources/dependency_classpath.txt | Updated Jetty jar filenames in server-all classpath snapshot |

Notes

  • Jetty 12.0.x targets Jakarta EE 10 (Servlet 6.0). All modules remain under the ee10 namespace (org.eclipse.jetty.ee10).
  • The version is defined centrally in DependencyConstraints.groovy and hardcoded independently in GenericAppServerInstall.java (used for distributed session tests that download the Jetty distribution zip).

For all changes, please confirm:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
  • Has your PR been rebased against the latest commit within the target branch (typically develop)?
  • Is your initial contribution a single, squashed commit?
  • Does gradlew build run cleanly?
  • Have you written or updated unit tests to verify your changes?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
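
The Notes in the description say the Jetty version is set in one central file, hardcoded separately in a test class, and repeated in jar filenames in the snapshot files, so a bump can leave one of them behind. A drift check over those files follows, as an added example that is not part of this PR or of Geode's build; the regex patterns and the sample file contents are constructed assumptions about how each file spells the version.

```python
import re

# Assumed spellings of the version in the two source files (not taken from the PR diff).
PATTERNS = {
    "DependencyConstraints.groovy": re.compile(r'"jetty\.version"\s*,\s*"([^"]+)"'),
    "GenericAppServerInstall.java": re.compile(r'JETTY_VERSION\s*=\s*"([^"]+)"'),
}
# Jetty jar names in the classpath snapshots, e.g. jetty-ee10-servlet-12.0.33.jar
JAR = re.compile(r'\bjetty-(?:[a-z0-9]+-)*(\d+(?:\.\d+)+)\.jar\b')


def jetty_versions(name, text):
    """Return the set of Jetty versions referenced in one file."""
    return set(PATTERNS.get(name, JAR).findall(text))


def find_drift(files, expected):
    """Map file name -> versions found, for every file that does not
    reference exactly `expected` (stale, mixed, or no Jetty version at all)."""
    drift = {}
    for name, text in files.items():
        found = jetty_versions(name, text)
        if found != {expected}:
            drift[name] = sorted(found)
    return drift


# Constructed sample contents: the test class and one snapshot line were
# deliberately left at the old version to show what the check reports.
SAMPLE = {
    "DependencyConstraints.groovy": 'deps.put("jetty.version", "12.0.33")\n',
    "GenericAppServerInstall.java":
        'private static final String JETTY_VERSION = "12.0.27";\n',
    "assembly_content.txt":
        "lib/jetty-server-12.0.33.jar\nlib/jetty-ee10-servlet-12.0.33.jar\n",
    "gfsh_dependency_classpath.txt":
        "jetty-http-12.0.33.jar\njetty-io-12.0.27.jar\n",
}

if __name__ == "__main__":
    for name, versions in find_drift(SAMPLE, "12.0.33").items():
        print(f"{name}: expected 12.0.33, found {versions}")
```

In a real checkout the dictionary would be built by reading the five files listed in the Changes table, keyed by file name.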

JinwooHwang requested review from kaajaln2 and marinov-code and removed request for marinov-code (March 10, 2026 19:41)