fix: tomcat netty crypto CVEs

Derek Zhangrequested to merge
cve-fix into master

Merge request template

io.netty:netty-handler (app.jar) │ CVE-2025-24970 org.apache.tomcat.embed:tomcat-embed-core (app.jar) │ CVE-2025-24813 │ CRITICAL org.springframework.security:spring-security-crypto │ CVE-2025-22228 │ HIGH

Merge request reports