[fix][sec] Upgrade BouncyCastle FIPS to 2.0.10 to remediate CVE-2025-8916 (apache#24923)

(cherry picked from commit f3fa7e6)
(cherry picked from commit b0481fd)

Author: guptas6est

bouncy-castle/bcfips/LICENSE

@@ -205,5 +205,6 @@
 This projects includes binary packages with the following licenses:
 Bouncy Castle License
  * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt
-    - org.bouncycastle-bcpkix-fips-1.0.7.jar
-    - org.bouncycastle-bc-fips-1.0.2.6.jar
+    - org.bouncycastle-bcpkix-fips-2.0.10.jar
+    - org.bouncycastle-bc-fips-2.0.1.jar
+    - org.bouncycastle-bctutil-fips-2.0.5.jar

bouncy-castle/bcfips/pom.xml

@@ -32,6 +32,11 @@
   <name>Apache Pulsar :: Bouncy Castle :: BC-FIPS</name>
 
   <dependencies>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcutil-fips</artifactId>
+      <version>2.0.5</version>
+    </dependency>
     <dependency>
       <groupId>${project.groupId}</groupId>
       <artifactId>pulsar-common</artifactId>

pom.xml

@@ -201,8 +201,8 @@ flexible messaging model and an intuitive client API.</description>
     <bouncycastle.bcprov-jdk18on.version>1.78.1</bouncycastle.bcprov-jdk18on.version>
     <bouncycastle.bcpkix-jdk18on.version>1.81</bouncycastle.bcpkix-jdk18on.version>
     <bouncycastle.bcprov-ext-jdk18on.version>1.78.1</bouncycastle.bcprov-ext-jdk18on.version>
-    <bouncycastle.bcpkix-fips.version>1.0.7</bouncycastle.bcpkix-fips.version>
-    <bouncycastle.bc-fips.version>1.0.2.6</bouncycastle.bc-fips.version>
+    <bouncycastle.bcpkix-fips.version>2.0.10</bouncycastle.bcpkix-fips.version>
+    <bouncycastle.bc-fips.version>2.0.1</bouncycastle.bc-fips.version>
     <jackson.version>2.17.2</jackson.version>
     <fastutil.version>8.5.16</fastutil.version>
     <reflections.version>0.10.2</reflections.version>