fix: configure Jetty to block dangerous request URLs

This PR enables Jetty's HTTP compliance options to disable ambiguous/dangerous HTTP request attributes. It also upgrades Jetty to the latest 9.x version, and supports configuring the Jetty version in the ArchivesSpace image build.