Update Nimbus, Fixes AB#3328426 (#2724)

### Summary

[AB#3328426](https://identitydivision.visualstudio.com/Engineering/_workitems/edit/3328426)
Updating the Nimbus Jose + JWT version to 10.0.2 due to CVE: [Nimbus
JOSE + JWT is vulnerable to DoS attacks when processing deeply nested
JSON · CVE-2025-53864 · GitHub Advisory
Database](GHSA-xwmg-2g98-w7v9)

I had to change two instances where an internal dependency of Nimbus was
being used for modifiers (I believe said dependency is the one under the
CVE); those have been changed to using javax, which is what's being used
for most of the related modifiers in the codebase.

Ran the pipeline successfully on my branches:
https://identitydivision.visualstudio.com/Engineering/_build/results?buildId=1514283&view=results

AuthApp: currently on 10.2.0.
CP: Notified, and they said they will update the version. CP built
successfully on the pipeline.
LTW: Notified, and they moved to 10.0.2.
OneAuth: Notified; their test app built successfully on the pipeline.

Author: melissaahn

changelog.txt

@@ -10,6 +10,7 @@ vNext
 - [MINOR] Update IP phone app teams signature constants to use SHA-512 format (#2700)
 - [MINOR] Using Baggage to propagate attributes from parent Span (#2671)
 - [PATCH] Fix a few small switch browser bugs (#2710)
+- [MINOR] Update Nimbus version (#2724)
 - [MINOR] Using tenant based flighting for webcp (#2723)
 
 Version 21.4.0

common/src/main/java/com/microsoft/identity/common/internal/authorities/AzureActiveDirectoryAudienceDeserializer.java

@@ -34,10 +34,10 @@
 import com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAudience;
 import com.microsoft.identity.common.logging.Logger;
 
-import net.jcip.annotations.Immutable;
-
 import java.lang.reflect.Type;
 
+import javax.annotation.concurrent.Immutable;
+
 @Immutable
 public class AzureActiveDirectoryAudienceDeserializer implements JsonDeserializer<AzureActiveDirectoryAudience> {
 

common/src/main/java/com/microsoft/identity/common/internal/ui/webview/certbasedauth/DialogHolder.java

@@ -29,10 +29,10 @@
 
 import com.microsoft.identity.common.R;
 
-import net.jcip.annotations.ThreadSafe;
-
 import java.util.List;
 
+import javax.annotation.concurrent.ThreadSafe;
+
 /**
  * Builds and shows SmartcardDialog instances while keeping track of the current dialog being shown to the user.
  */

gradle/versions.gradle

@@ -38,7 +38,7 @@ ext {
     mockitoCoreVersion = "5.11.0"
     mockitoAndroidVersion = "5.11.0"
     multidexVersion = "2.0.1"
-    nimbusVersion = "9.37.3"
+    nimbusVersion = "10.0.2"
     powerMockVersion = "2.0.9"
     runnerVersion = "1.2.0"
     rulesVersion = "1.2.0"