Upgrade the kafka-clients library to 3.9.0

[mxcross]

reactor-kafka is still on kafka-clients 3.6.0. It would be beneficial to have this updated to the latest kafka-clients library which is currently 3.9.0.

Motivation

kafka-clients on lower versions than 3.8.0 are being detected by security scans as vulnerable due to improper enforcement of ACLs during migration of a cluster from ZooKeeper mode to KRaft mode.

Desired solution

Upgrade the kafka-clients library to at least 3.8.0, but 3.9.0 would be more desirable.

Considered alternatives

Additional context

[maksimlikharevau]

Assuming we have CVEs up to 3.9.1, it would be prudent to move up to 3.9.1 at least.

Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability
GHSA-vgq5-3255-v292