upgrade org.apache.tomcat.embed:tomcat-embed-core to 9.0.108 (#4986)

Due to JDK version constraints, Spring Boot cannot be upgraded further. Therefore, tomcat-embed-core can only be upgraded to 9.0.108 to address the CVE-2025-48989 vulnerability.

Author: qinlonglong123

dependencies/default/pom.xml

@@ -101,6 +101,7 @@
     <vertx.version>4.5.21</vertx.version>
     <zipkin.version>2.24.0</zipkin.version>
     <zipkin-reporter.version>2.16.3</zipkin-reporter.version>
+    <tomcat.version>9.0.108</tomcat.version>
     <!-- Base dir of main -->
     <main.basedir>${basedir}/../..</main.basedir>
   </properties>
@@ -774,6 +775,22 @@
         <version>${java-websocket.version}</version>
       </dependency>
 
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-core</artifactId>
+        <version>${tomcat.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-el</artifactId>
+        <version>${tomcat.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.tomcat.embed</groupId>
+        <artifactId>tomcat-embed-websocket</artifactId>
+        <version>${tomcat.version}</version>
+      </dependency>
+
       <dependency>
         <groupId>org.apache.servicecomb</groupId>
         <artifactId>java-chassis-bom</artifactId>