upgrade the PuppetDB package or find a replacement
in #40699 (closed), we found a really odd problem with PuppetDB that was triggered somehow by either the jetty9 upgrade or by the buster point release done back then. a jetty9 downgrade fixed the issue but introduced a new set of security issues we were worried about. we tried to fix the issue by looking at alternatives for PuppetDB (#40706 (closed)), but that ultimately failed; in that ticket, we simply silenced the warnings triggered by the problem, while keeping the upgraded jetty9 version.
the task here is to make sure we upgrade PuppetDB to a sane release. finding an alternative is also acceptable, provided that it keeps cumin and the other tools we have that might talk with it (e.g. Prometheus? the monthly reports? reboot scripts? anything!) working.
this overlaps with the Puppet EOL (#33588 (closed)), but is specifically about PuppetDB, which might be a lower hanging fruit than puppetserver or puppet agent.
the following checklist should be realized before this ticket is closed:

- a newer version of puppetdb is deployed in production, fixing known security issues and closer to upstream
- ideally, that is based on an official debian package from debian.org, alternatively from upstream
- the error in #40699 (closed) has stopped occurring
- the error redaction that happened in #40706 (closed) to fix #40699 (closed) is reverted from tor-nagios