CHK-13321: force jackson-core 3.1.1 across all configurations

The previous fix (ext['jackson-bom.version']) only covered example
projects using the spring-dependency-management plugin. The
spring-boot-starter-web and spring-boot-starter-webflux modules use
compileOnly for Spring Boot starters with platform(BOM_COORDINATES),
so jackson-core:3.1.0 remained on their compileClasspath. Since the
dependency submission action includes compileClasspath, the Dependabot
alert stayed open.

This adds a resolutionStrategy in the root build.gradle that forces
tools.jackson.core:jackson-core to 3.1.1 across ALL configurations
in ALL subprojects.

Closes CHK-13321

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: pboos

build.gradle

@@ -23,6 +23,15 @@ allprojects {
 }
 
 subprojects {
+    configurations.configureEach {
+        resolutionStrategy.eachDependency {
+            if (requested.group == 'tools.jackson.core' && requested.name == 'jackson-core') {
+                useVersion('3.1.1')
+                because('GHSA-2m67-wjpj-xhg9: Jackson Core 3.0.0-3.1.0 maxDocumentLength bypass')
+            }
+        }
+    }
+
     if(it.parent.name == 'examples') {
         apply plugin: 'java'
     } else {