RUN-3894: Update sshj to 0.40.0 for CVE-2025-8916

[fdevans]

Summary:
✅ CVE-2025-8916 affects Bouncy Castle versions 1.44-1.78 (fixed in 1.79)
✅ SSHJ 0.40.0 includes the updated Bouncy Castle dependency (fixed)
✅ All required dependencies verified (eddsa, bouncycastle bundles)
✅ Build successful - all tests passed

Closes #79

[Copilot]

Pull request overview

This pull request updates the SSHJ library from version 0.39.0 to 0.40.0 to address CVE-2025-8916, a security vulnerability affecting Bouncy Castle versions 1.44-1.78. The update ensures the project uses SSHJ 0.40.0, which includes the fixed Bouncy Castle dependency (version 1.79+). The project already has Bouncy Castle 1.80 configured, which is compatible with the updated SSHJ version.

Key Changes

• Updated SSHJ dependency from 0.39.0 to 0.40.0 in the Gradle version catalog
• Ensures CVE-2025-8916 vulnerability is mitigated through updated transitive Bouncy Castle dependencies
• All tests passed successfully according to the PR description

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[ronaveva]

LGTM