
[FLINK-36602][table] Backport: override json-path version for calcite 1.32 #25613

Open. Wants to merge 1 commit into base: release-1.20.

Conversation

tomncooper (Contributor)

What is the purpose of the change

This is a backport of #25602.

There is a high severity CVE (CVE-2023-1370) in the json-path version used by Calcite 1.32, which is used in the flink-table-calcite-bridge module.

Newer versions of Calcite update to newer versions of json-path. However, updating Calcite to the latest version (FLINK-36602) is not straightforward and involves changes to the SQL parsing logic. Following discussion on the dev mailing list, an incremental Calcite upgrade process is preferred. Therefore, this PR simply patches the transitive dependency.

Brief change log

This PR overrides the specific transitive json-path (version 2.7.0) dependency in the flink-table-calcite-bridge pom file to version 2.9.0.

Verifying this change

This change is already covered by existing tests in the flink-table module.

Does this pull request potentially affect one of the following parts:

  • Dependencies (does it add or upgrade a dependency): yes
  • The public API, i.e., is any changed class annotated with @Public(Evolving): no
  • The serializers: no
  • The runtime per-record code paths (performance sensitive): no
  • Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
  • The S3 file system connector: no

Documentation

  • Does this pull request introduce a new feature? no
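The override described in the change log, shown as an added illustration rather than the actual flink-table-calcite-bridge pom from this PR. It assumes the module pulls json-path in transitively through calcite-core 1.32.0 and that the pinned coordinates are com.jayway.jsonpath:json-path; a dependencyManagement entry in the module's own pom applies to transitive dependencies as well, so Maven resolves 2.9.0 instead of the 2.7.0 that Calcite declares.

```xml
<!-- Illustrative fragment only (assumed layout, not the real Flink pom). -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <artifactId>flink-table-calcite-bridge</artifactId>

  <dependencyManagement>
    <dependencies>
      <!-- Pin the transitive json-path that calcite-core 1.32.0 brings in
           (2.7.0, affected by CVE-2023-1370) to 2.9.0 without making
           json-path a direct dependency of this module. -->
      <dependency>
        <groupId>com.jayway.jsonpath</groupId>
        <artifactId>json-path</artifactId>
        <version>2.9.0</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- Calcite stays at 1.32.0; only its json-path transitive is overridden. -->
    <dependency>
      <groupId>org.apache.calcite</groupId>
      <artifactId>calcite-core</artifactId>
      <version>1.32.0</version>
    </dependency>
  </dependencies>
</project>
```

To confirm the override took effect, `mvn dependency:tree -Dincludes=com.jayway.jsonpath` run in the module should list json-path only at 2.9.0.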

@flinkbot (Collaborator)

flinkbot commented Nov 6, 2024

CI report:


@gracegrimwood gracegrimwood (Contributor) left a comment


Looks like the Azure CI failed due to some issue downloading a copy of NodeJS; nothing to do with this PR. This wasn't the only run to fail in this way at that time; there was also this one a couple of hours earlier (built from a commit on master). I suspect running the pipeline again will resolve the issue; not sure if you'll need to rebase to make that happen, but it couldn't hurt.

Otherwise LGTM!

… 1.32 in calcite-bridge

This addresses CVE-2023-1370.

Signed-off-by: Thomas Cooper <[email protected]>
@tomncooper tomncooper force-pushed the calcite-json-path-override-1.20 branch from 72e3c11 to b9ebb37 on November 12, 2024 15:35