Dependencies: Update server dependencies (#20385)

* Bump Azure.Identity from 1.13.2 to 1.16.0

* Bump BenchmarkDotNet from 0.14.0 to 0.15.4

* Bump Bogus from 35.6.3 to 35.6.4

* Bump HtmlAgilityPack from 1.12.1 to 1.12.4

* Bump MailKit from 4.11.0 to 4.14.0

* Bump MessagePack from 3.1.3 to 3.1.4

* Bump Microsoft.AspNetCore.Mvc.Testing from 9.0.4 to 9.0.9

* Bump Microsoft.Data.SqlClient from 6.0.1 to 6.1.1

* Bump Microsoft.Extensions.Caching.Hybrid from 9.8.0 to 9.9.0

* Bump Microsoft.Extensions.Logging.Debug from 9.0.4 to 9.0.9

* Bump Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.0

* Bump ncrontab from 3.3.3 to 3.4.0

* Bump Nerdbank.GitVersioning from 3.7.115 to 3.8.118

* Bump OpenIddict packages from 6.2.1 to 7.1.0

* Bump Serilog from 4.2.0 to 4.3.0

* Bump Serilog.Sinks.File from 6.0.0 to 7.0.0

* Bump Swashbuckle.AspNetCore from 8.1.1 to 9.0.6

* Bump System.Data.Odbc from 9.0.4 to 9.0.9

* Bump System.Data.OleDb from 9.0.4 to 9.0.9

* Bump Microsoft.IdentityModel.JsonWebTokens from 8.8.0 to 8.14.0

* Bump SixLabors.ImageSharp.Web from 3.1.5 to 3.2.0

- Implicit global usings were made opt-in (https://github.com/SixLabors/ImageSharp.Web/pull/391)

* Bump NJsonSchema from 11.0.2 to 11.5.1

* Bump Microsoft packages from 10.0.0-preview.7.25380.108 to 10.0.0-rc.1.25451.107

* Remove Azure.Identity package reference as implicitly referenced versions are no longer vulnerable

* Remove System.Runtime.Caching package reference as it is not used

* Remove System.Net.Http package reference as it is not used

* Set 'allowPrerelease' to true

Global.json was showing as invalid due to a pre-release version being referenced while 'allowPrerelease' was set to 'false'. This can be set to 'false' again later on.

* Remove System.Security.Cryptography.Xml package reference as implicitly referenced versions are no longer vulnerable

* Remove System.Text.RegularExpressions package reference as implicitly referenced versions are no longer vulnerable

* Remove Microsoft.IdentityModel.JsonWebTokens package reference as implicitly referenced versions are no longer vulnerable

* Remove System.Text.Encodings.Web package reference as it is not used

* Remove Microsoft.Data.SqlClient package reference as implicitly referenced versions are no longer vulnerable

* Remove Lucene.Net.Replicator package reference as implicitly referenced versions are no longer vulnerable

* Remove Microsoft.Extensions.Caching.Memory package reference where not used

* Add EFCore migration for OpenIddict v7 update

* Apply suggestion from @kjac

Cosmetic update: Removed blank line as suggested by Copilot

---------

Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>

src/Umbraco.Web.Common/Umbraco.Web.Common.csproj

@@ -34,17 +34,6 @@
     <PackageReference Include="Serilog.AspNetCore" />
   </ItemGroup>
 
-  <ItemGroup>
-    <!-- Take top-level depedendency on System.Net.Http, because Dazinator.Extensions.FileProviders depends on a vulnerable version -->
-    <PackageReference Include="System.Net.Http" />
-    <!-- Take top-level depedendency on System.Text.RegularExpressions, because Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc depends on a vulnerable version -->
-    <PackageReference Include="System.Text.RegularExpressions" />
-    <!-- Take top-level depedendency on Microsoft.IdentityModel.JsonWebTokens, because OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
-    <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" />
-    <!-- Take top-level depedendency on System.Text.Encodings.Web, because Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer, Dazinator.Extensions.FileProviders depends on a vulnerable version -->
-    <PackageReference Include="System.Text.Encodings.Web" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Umbraco.Examine.Lucene\Umbraco.Examine.Lucene.csproj" />
     <ProjectReference Include="..\Umbraco.PublishedCache.HybridCache\Umbraco.PublishedCache.HybridCache.csproj" />