[1.3] Bump bouncycastle to 1.78.1 and kafka to 3.7.0

[cwperks]

Description

Bump bouncycastle from 1.75 to 1.78.1 and kafka to 3.7.0

• Category

Maintenance

Issues Resolved

Resolves Whitesource issues seen in the 1.3.18 version bump: https://github.com/opensearch-project/security/pull/4415/checks?check_run_id=25964867842

Check List

• [X] New functionality includes testing
• [X] New functionality has been documented
• [X] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[willyborankin]

@cwperks you need to change *.policy file for the new BC version:

  // BouncyCastle permissions
  permission java.security.SecurityPermission "putProviderProperty.BC";
  permission java.security.SecurityPermission "insertProvider.BC";
  permission java.security.SecurityPermission "removeProviderProperty.BC";
  permission java.security.SecurityPermission "getProperty.org.bouncycastle.ec.max_f2m_field_size";
  permission java.security.SecurityPermission "getProperty.org.bouncycastle.pkcs12.default";
  permission java.security.SecurityPermission "getProperty.org.bouncycastle.rsa.max_size";
  permission java.security.SecurityPermission "getProperty.org.bouncycastle.rsa.max_mr_tests";

[cwperks]

@willyborankin Thanks for catching that! Update the plugin-security.policy file.

[cwperks]

Backported an additional commit from https://github.com/opensearch-project/security/pull/4087 to include kafka-server to resolve a ClassNotFound error during upgrade.

ref: https://github.com/opensearch-project/security/actions/runs/9489776378/job/26151814321?pr=4437

[cwperks]

Pushed another commit to bring in the dependencies introduced in https://github.com/opensearch-project/security/pull/3504/files