Major dependency update

[SplittyDev]

Abstract

This PR updates lots of dependencies. Some of them require code changes (mostly the next, axum and metrics upgrades), which have been implemented and tested.

Major Changes

Web

• Upgrade node (19/20 -> 21)
  • Upgrade node in server dockerfile (20 -> 21)
  • Upgrade node in web dockerfile (19 -> 21)
  • Add .nvmrc for node 21
  • Add node 21 to CI matrix
  • Drop node [16, 18] from CI matrix (not supported anymore)
• Upgrade NextJS (13 -> 14)
  • Fix SSR issue with DeleteButton component
  • Fix hydration issues in privacy page

Server

• Upgrade axum (0.6 -> 0.7)
  • Fix server compile errors caused by major axum API changes
  • Introduce axum-extra dependency (axum dropped the headers feature)
  • Upgrade tower-http (0.4 -> 0.5) as required by axum 0.7
• Upgrade metrics (0.21 -> 0.22)
  • Fix compile issues resulting from metrics API changes in server code

Minor Changes

• ci: Update node matrix to include 21 and exclude unsupported versions ([16, 18])
• web: Update lockfile with lots of semver-compatible dependency updates (no breakage observed)
• server-workspace: Format all files (cargo +nightly fmt)
• server-workspace: Fix minor clippy lints
• server-workspace: Update async-trait (0.1.68 -> 0.1.80)
• server-shared: Update once_cell (1.18 -> 1.19)
• server-db: Update diesel (lockfile)
• server-db: Update deadpool (0.9.5 -> 0.11) and deadpool-diesel (0.4.1 -> 0.6)
• server: Update regex (1.9 -> 1.10)
• server: Update tracing (0.1.37 -> 0.1.40)
• server: Update metrics-exporter-prometheus (0.12 -> 0.14)

Other Changes

• deny: Update config to version 2
  • This allows us to drop many properties that now have deny as their default value
• deny: Add missing git source for bincache
• web: Add BlueOak-1.0.0 to allowed licenses
  • A single package uses that one, and it seems to be some snowflake license that's basically just MIT. We can safely use it, but it's super annoying that people use these weird-ass licenses from time to time..

[Neotamandua]

LGTM