CVEs in Dapr SDK version 1.16.0-rc-1

[alicejgibbons]

Bump dependencies for the following as per: https://mvnrepository.com/artifact/io.dapr/dapr-sdk/1.16.0-rc-1

CVE-2025-8916
CVE-2024-30171
CVE-2024-29857
CVE-2023-33201

Steps to Reproduce the Problem

Release Note

RELEASE NOTE:

[salaboy]

All CVEs reported are releated to Bouncy Castle: CVE-2025-8916 -> Introduced by these tests: daf4c8b , is literelly not needed because we shouldn't be testing certificates inside the SDK

[salaboy]

One option is to remove the tests that use bouncy castle, those tests use bouncy castle to check something that is not the responsability of the SDK. The other option is to bump the version, but we continue to accumulate technical debt.