update tika-parsers to 1.28.1 (from 1.28) and xstreams to 1.4.19 (from 1.4.18)

[sseide]

Description

This PR updates two dependencies to fix multiple security warnings in this libraries or dependents of these.

Motivation and Context

This fixes the following warnings:

• xstream CVE-2021-43859 (Denial of service)
• junrar (dep of tika-parsers) - Denial of Service - https://security.snyk.io/vuln/SNYK-JAVA-COMGITHUBJUNRAR-2388979
• xercesImpl CVE-2022-23437 (dep of tika-parsers too) - Denial of Service

I added the gpg key from Aurelien Pupier for xerces too as he did the release of this new version (see https://issues.apache.org/jira/browse/XERCESJ-1735#comment-17482989)

How Has This Been Tested?

run gradlew check and used locally

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)

Checklist:

• My code follows the code style of this project.
• I have updated the documentation accordingly.

[sseide]

Remark about the tests failed (i am using Linux):

On local execution neither gradlew check, gradlew verifyReleaseDependencies, gradlew :src:dist:verifyReleaseDependencies nor gradlew createDist fail with a mismatch in src/dist/src/dist/expected_release_jars.csv.
And runing any of these tasks with the -PupdateExpectedJars does not update the csv file too.

But the checks running on Windows and MacOS do fail because the expected_release_jars.csv file is not up-to-date.

• https://github.com/apache/jmeter/runs/5214556695?check_suite_focus=true
• https://github.com/apache/jmeter/runs/5214556790?check_suite_focus=true

How should i update the file on Linux? Manually? Some windows/Linux gradle wrapper not in sync?

[sseide]

ok - now gradle somehow found the differences and updated the csv file...

[codecov-commenter]

Codecov Report

Merging #698 (a34eb79) into master (d4f6371) will decrease coverage by 0.00%.
The diff coverage is n/a.

❗ Current head a34eb79 differs from pull request most recent head cfeddd9. Consider uploading reports for the commit cfeddd9 to get more accurate results

@@             Coverage Diff              @@
##             master     #698      +/-   ##
============================================
- Coverage     55.54%   55.54%   -0.01%     
  Complexity    10345    10345              
============================================
  Files          1061     1061              
  Lines         65209    65210       +1     
  Branches       7432     7431       -1     
============================================
  Hits          36221    36221              
- Misses        26431    26432       +1     
  Partials       2557     2557              

Impacted Files	Coverage Δ
...a/org/apache/jmeter/timers/PoissonRandomTimer.java	72.97% <0.00%> (-5.41%)	⬇️
...jmeter/report/processor/ErrorsSummaryConsumer.java	96.36% <0.00%> (+1.91%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d4f6371...cfeddd9. Read the comment docs.