minor: fix several CVE

[cecemei]

Fix several CVE.

Java dependencies (pom.xml):

• apache.ranger.version: 2.7.0 → 2.8.0
• jetty.version: 12.0.30 → 12.1.8
• aircompressor: 2.0.2 → 2.0.3
• plexus-utils: 3.1.0 → 3.6.1 (CVE-2025-67030, but hard to move to 4 since we're using 3.6.0 maven-resolver-provider)

Node.js dependencies (web-console/package.json):

• axios: ^1.12.0 → 1.14.0

---

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• a release note entry in the PR description.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.