feat(fips): bump sarama to drop kerberos lib in fips mode

[kruskall]

What does this PR do?

bump sarama to latest commit and verify kerberos lib is not linked in the binary

Why is it important?

avoid linking the kerberos lib in the final binary in fips mode

Checklist

• I have read and understood the pull request guidelines of this project.
• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Disruptive User Impact

How to test this PR locally

Related issues

Questions to ask yourself

• How are we going to support this in production?
• How are we going to measure its adoption?
• How are we going to debug this?
• What are the metrics I should take care of?
• ...

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: b661a07

cc @kruskall

[simitt]

The PR description says:

bump sarama to latest commit and verify kerberos lib is not linked in the binary

Have you manually validated that the kerberos lib is not linked?

[kruskall]

I did before otel was added 😭

Thanks for mentioning this!

It seems kerberos is still included because of otel using another version of sarama

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)