cantaloupe-project / cantaloupe

High-performance dynamic image server in Java
https://cantaloupe-project.github.io/

Upgrade maven-assembly-plugin to 3.7.1 - CVE-2023-37460 (replaces #674) #675

Closed camille-hdl closed 3 months ago

camille-hdl commented 3 months ago

See https://github.com/cantaloupe-project/cantaloupe/issues/673, in which I explain that I'm not used to the Java ecosystem and I'm interested in advice on how to solve this correctly if this PR is not the right way.

Replaces #674 which targeted release/5.0 to target develop instead.

This bumps plexus-archiver to 4.9.2, which fixes CVE-2023-37460 (starting from 4.8).

see:

glenrobson commented 3 months ago

Great thank you! We can look at this in the meeting tomorrow and hopefully merge.

camille-hdl commented 3 months ago

Thanks! I see the meeting is on EU time so I'll see if I can make it, although it would be purely out of curiosity as I don't think I'll be able to offer any valuable input :)