
[improve][build] Upgrade org.apache.kerby:kerb-simplekdc from 1.1.1 to 2.1.1 #25785

Merged
lhotari merged 1 commit into apache:master from lhotari:lh-upgrade-kerby on May 15, 2026

Conversation

@lhotari (Member) commented May 15, 2026

Motivation

org.apache.kerby:kerb-simplekdc was last bumped to 1.1.1, which was released on May 25th, 2018. That release transitively pulls in some vulnerable dependencies, including com.nimbusds:nimbus-jose-jwt 4.41.2.

Kerby 2.1.1 is the latest release and brings in modern, supported versions of its transitive dependencies (e.g. nimbus-jose-jwt 10.6), in addition to several years of upstream bug fixes.

Modifications

  • Bump kerby version in gradle/libs.versions.toml from 1.1.1 to 2.1.1.

The kerb-simplekdc artifact is only used in test scope by the pulsar-broker-auth-sasl module (MiniKdc.java). The API surface used by MiniKdc (SimpleKdcServer, KdcConfigKey, KrbException, org.apache.kerby.util.IOUtil, org.apache.kerby.util.NetworkUtil) is source-compatible between 1.1.1 and 2.1.1, so no production or test code changes are required.

Verifying this change

  • Make sure that the change passes the CI checks.

This change is already covered by existing tests:

  • ./gradlew :pulsar-broker-auth-sasl:test — all 11 tests pass (ProxySaslAuthenticationTest, SaslAuthenticateTest, SaslServerTokenSignerTest), which exercise the SASL/Kerberos flow backed by the embedded Kerby SimpleKdcServer via MiniKdc.
  • ./gradlew spotlessCheck checkstyleMain checkstyleTest — clean.

Does this pull request potentially affect one of the following parts:

  • Dependencies (add or upgrade a dependency)
  • The public API
  • The schema
  • The default values of configurations
  • The threading model
  • The binary protocol
  • The REST endpoints
  • The admin CLI options
  • The metrics
  • Anything that affects deployment

This is a test-scope dependency upgrade (kerb-simplekdc is only used by pulsar-broker-auth-sasl tests), so there is no impact on runtime artifacts or deployment.
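The PR's claim that the bump replaces the vulnerable nimbus-jose-jwt 4.41.2 on the test classpath is something a reviewer can verify from a Gradle dependency report rather than take on trust. The script below is an added example, not code from the PR or from Pulsar: it parses a saved report from `./gradlew :pulsar-broker-auth-sasl:dependencies --configuration testRuntimeClasspath`, takes Gradle's "requested -> resolved" form into account, and fails when a named artifact resolves below a required minimum. The two trees embedded in it are constructed samples in Gradle's report format; the exact path through which kerby pulls nimbus-jose-jwt (here assumed to be `token-provider`) is an assumption, not copied from the build.

```shell
#!/bin/sh
# Added example (not Pulsar's or the PR author's code): check which version of a
# transitive artifact actually lands on a Gradle classpath and enforce a minimum.
# In the real build the report comes from:
#   ./gradlew :pulsar-broker-auth-sasl:dependencies --configuration testRuntimeClasspath > tree.txt
# and the functions below would read tree.txt on stdin.

# CONSTRUCTED sample: tree after the bump to kerby 2.1.1. Gradle prints
# "requested -> resolved" when conflict resolution picks a newer version than the
# one a module asked for; the token-provider path is assumed, not taken from the build.
NEW_TREE='testRuntimeClasspath - Runtime classpath of source set test.
+--- org.apache.kerby:kerb-simplekdc:2.1.1
|    +--- org.apache.kerby:kerb-client:2.1.1
|    |    \--- org.apache.kerby:kerb-core:2.1.1
|    \--- org.apache.kerby:token-provider:2.1.1
|         \--- com.nimbusds:nimbus-jose-jwt:4.41.2 -> 10.6
\--- org.apache.kerby:kerb-core:2.1.1 (*)'

# CONSTRUCTED sample: tree before the bump, where the old nimbus-jose-jwt resolves as-is.
OLD_TREE='testRuntimeClasspath - Runtime classpath of source set test.
\--- org.apache.kerby:kerb-simplekdc:1.1.1
     \--- org.apache.kerby:token-provider:1.1.1
          \--- com.nimbusds:nimbus-jose-jwt:4.41.2'

# Print every distinct resolved version of GROUP:ARTIFACT ($1) found in the tree on stdin.
# When Gradle shows "requested -> resolved", the resolved side is what ends up on the classpath.
resolved_versions() {
  awk -v key="$1:" '
    index($0, key) {
      rest = substr($0, index($0, key) + length(key))   # e.g. "4.41.2 -> 10.6" or "2.1.1 (*)"
      n = split(rest, f, " ")
      v = f[1]
      if (n >= 3 && f[2] == "->") v = f[3]             # conflict resolution: resolved side wins
      print v
    }' | sort -u
}

# Return 0 when dotted version $1 is >= dotted version $2, comparing components numerically
# (so 10.6 > 4.41.2, which a plain string compare would get wrong).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# Read a tree on stdin; return 0 when every resolved version of artifact $1 is >= $2,
# otherwise print each offending version and return 1. An artifact that is absent
# from the tree passes, since it is not on the classpath at all.
check_min_version() {
  artifact="$1"; minimum="$2"; status=0
  for v in $(resolved_versions "$artifact"); do
    if ! version_ge "$v" "$minimum"; then
      echo "FAIL: $artifact resolved to $v (< $minimum)"
      status=1
    fi
  done
  return $status
}

# Usage against the two constructed trees: the post-upgrade tree passes, the old one fails.
printf '%s\n' "$NEW_TREE" | check_min_version com.nimbusds:nimbus-jose-jwt 10.6 && echo "kerby 2.1.1 tree: nimbus-jose-jwt OK"
printf '%s\n' "$OLD_TREE" | check_min_version com.nimbusds:nimbus-jose-jwt 10.6 || echo "kerby 1.1.1 tree: upgrade needed"
```

Run it against the real report with `check_min_version com.nimbusds:nimbus-jose-jwt 10.6 < tree.txt`; the same check can be pointed at any other coordinate the upgrade is meant to retire, and it only fails for versions that Gradle actually resolves, not for the requested versions that conflict resolution overrides.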

…o 2.1.1

Kerby 1.1.1 was released on May 25th, 2018 and pulls in some vulnerable
transitive dependencies such as com.nimbusds:nimbus-jose-jwt 4.41.2.
Upgrading to 2.1.1 brings in modern transitive dependencies (e.g.
nimbus-jose-jwt 10.6).

The kerb-simplekdc artifact is only used in pulsar-broker-auth-sasl
tests (MiniKdc). The API surface used (SimpleKdcServer, KdcConfigKey,
KrbException, IOUtil, NetworkUtil) is source-compatible between 1.1.1
and 2.1.1, so no code changes are required.
@lhotari lhotari merged commit 20736e7 into apache:master May 15, 2026
43 checks passed
lhotari added a commit that referenced this pull request May 18, 2026

2 participants