Scanning drafter with nvd-clojure reveals at least 99 potential security vulnerabilities in our dependency tree. Many of them are ranked HIGH risk.

We should resolve and/or account for all of them; the vast majority will not be exploitable and appear to be due to transitive dependencies in our tree which we are not using.
I suggest the following process:

1. Use nvd to identify the potential problems.
2. Go through a process of upgrading or removing / excluding dependencies which have security problems, ensuring our tests still pass.
3. For any dependencies that are left or break tests due to changes, either fix our code to react accordingly, or investigate the CVE itself and apply mitigations.
4. Repeat the process for drafter and dependencies we control -- in particular many of the CVEs in the tree are likely because grafter itself pulls in all of RDF4j, which includes some of the application side of things; we can reduce the surface area of grafter to that which we use in muttnik/drafter and other projects. I'd suggest running nvd on grafter and various libraries we develop too.
5. Get to a stage of either 0 vulnerabilities, or a reduced list of vulnerabilities to tackle in other issue tickets. We can split this job into smaller issues/PRs.
6. Figure out a way to run nvd as part of our CI process, so we are kept up to date with respect to deps. (We should break this out into a separate issue.)

We may also wish to use antq to find stale dependencies and suggest their latest (or newer) versions that work with minimal code changes. As part of step 6 we may wish to add an antq GitHub action or CI integration to also help keep our deps up to date.
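One way a CI gate for steps 3, 5 and 6 could work, as an added example that is not from this issue or the drafter project: the script reads a Dependency-Check style JSON report (nvd-clojure wraps OWASP Dependency-Check; the report field names are assumed, not taken from this page), fails on any finding at or above a severity threshold that has not been explicitly accepted with a written rationale, and flags accepted entries that no longer appear so the accept-list does not rot. The sample report, jar names and CVE ids are constructed placeholders.

```python
"""CI gate over a Dependency-Check style JSON report.

Report shape (``dependencies`` -> ``vulnerabilities`` -> ``name``/``severity``)
is ASSUMED from the OWASP Dependency-Check JSON format; all values below are
CONSTRUCTED placeholders, not real findings.
"""
import json

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report, shaped like dependency-check-report.json.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "rdf4j-rio-api-0.0.0.jar",  # constructed artifact name
         "vulnerabilities": [{"name": "CVE-0000-0001", "severity": "HIGH"}]},
        {"fileName": "some-lib-0.0.0.jar",  # constructed artifact name
         "vulnerabilities": [{"name": "CVE-0000-0002", "severity": "CRITICAL"},
                             {"name": "CVE-0000-0003", "severity": "LOW"}]},
        {"fileName": "clean-lib-0.0.0.jar"},  # no findings at all
    ]
})

# Reviewed findings from step 3: CVE -> rationale / ticket (placeholder text).
ACCEPTED = {"CVE-0000-0001": "affected code path not used by drafter; see triage ticket (placeholder)"}


def findings(report_json):
    """Yield (cve, severity, artifact) for every vulnerability in the report."""
    for dep in json.loads(report_json).get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            sev = str(vuln.get("severity", "UNKNOWN")).upper()
            yield vuln["name"], sev, dep.get("fileName", "?")


def gate(report_json, accepted, threshold="HIGH"):
    """Return blocking findings: at/above threshold and not on the accept-list."""
    floor = SEVERITY_RANK[threshold]
    return [(cve, sev, art) for cve, sev, art in findings(report_json)
            if SEVERITY_RANK.get(sev, 0) >= floor and cve not in accepted]


def stale_accepts(report_json, accepted):
    """Accepted CVEs no longer reported; prune them so the list stays honest."""
    seen = {cve for cve, _, _ in findings(report_json)}
    return sorted(set(accepted) - seen)


if __name__ == "__main__":
    import sys
    blocking = gate(SAMPLE_REPORT, ACCEPTED)
    for cve, sev, art in blocking:
        print(f"BLOCKING {sev} {cve} in {art}")
    for cve in stale_accepts(SAMPLE_REPORT, ACCEPTED):
        print(f"STALE accept-list entry: {cve}")
    sys.exit(1 if blocking else 0)
```

In CI the report path and accept-list would come from the repository rather than the inline constants; a non-zero exit fails the build until the new finding is fixed or reviewed.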
This should also be tackled at the same time as or before tackling in muttnik https://github.com/Swirrl/muttnik/issues/1423