Make sure there are no vulnerabilities due to JSON deserialization

Since Jackson 2.10 (the current stable release is 2.12.4) we should be able to prevent deserialisation vulnerabilities by using the new PolymorphicTypeValidator, which uses an allow list for types that can be deserialised, whereas older Jackson releases used a deny list that constantly needed to be updated.

https://cowtowncoder.medium.com/jackson-2-10-features-cd880674d8a2

https://www.csoonline.com/article/3629311/java-deserialization-vulnerabilities-explained-and-how-to-defend-against-them.html

Edited by Torsten Grote
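An added example, not code from this issue or from the project it belongs to, showing the allow-list PolymorphicTypeValidator configuration the issue refers to; the package, class names and sample JSON are assumptions, and only the validator API itself is Jackson's.

```java
package com.example.model; // hypothetical application package

import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class SafePolymorphicDeserialization {

    // Hypothetical model types; only classes under com.example.model
    // may be named as polymorphic subtypes in incoming JSON.
    public static abstract class Shape { public int size; }
    public static class Circle extends Shape { }

    public static ObjectMapper safeMapper() {
        // Allow list (Jackson >= 2.10): anything not matching a rule is denied,
        // so no deny list of known-bad classes has to be maintained.
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.model.")
                .build();
        ObjectMapper mapper = new ObjectMapper();
        // Default typing reads the class name from a "@class" property; the
        // validator decides which names may be honoured. The pre-2.10
        // enableDefaultTyping() had no such check.
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL,
                JsonTypeInfo.As.PROPERTY);
        return mapper;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = safeMapper();

        // Constructed input naming an allowed subtype: deserializes normally.
        String ok = "{\"@class\":\"com.example.model.SafePolymorphicDeserialization$Circle\",\"size\":3}";
        Shape shape = mapper.readValue(ok, Shape.class);
        System.out.println("allowed: " + shape.getClass().getSimpleName() + " size=" + shape.size);

        // Constructed input naming a class outside the allow list: the validator
        // rejects it before any instance is created (Jackson reports this as an
        // InvalidTypeIdException, a JsonMappingException subclass).
        String bad = "{\"@class\":\"java.util.HashMap\",\"size\":3}";
        try {
            mapper.readValue(bad, Shape.class);
            System.out.println("unexpected: type was accepted");
        } catch (JsonMappingException e) {
            System.out.println("denied: " + e.getOriginalMessage());
        }
    }
}
```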