Sa-Token
Fix: Replace Unsafe Java Deserialization with Jackson Mapper
This PR addresses a critical security vulnerability in the code that could lead to Remote Code Execution (RCE).
The code was using Java's built-in ObjectInputStream.readObject() for deserialization, which is known to be vulnerable to deserialization attacks if the input comes from an untrusted source.
This vulnerability was initially found and fixed in the git commit below.
References: https://github.com/apache/helix/commit/7af17a31819859e6c46bcb3994ef7d52347760c4
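To make the change the PR describes concrete, here is an added example (not code from the Sa-Token project, the jboot plugin, or the PR itself) that places the `ObjectInputStream.readObject()` pattern the description calls unsafe next to the Jackson replacement it proposes, plus an `ObjectInputFilter` fallback for code that has to keep JDK serialization for existing stored data. The `SessionCodec` and `SessionData` names and the presence of `jackson-databind` on the classpath are assumptions for the example.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class SessionCodec {

    // Plain data holder standing in for whatever the plugin persists (constructed for this example).
    public static class SessionData implements Serializable {
        public String id;
        public long expiresAt;
        public SessionData() {}
        public SessionData(String id, long expiresAt) { this.id = id; this.expiresAt = expiresAt; }
    }

    // BEFORE: the pattern the PR removes. readObject() instantiates whatever class the byte
    // stream names before the cast below ever runs, so bytes from an untrusted source decide
    // which classes on the classpath get built.
    public static SessionData unsafeDeserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (SessionData) in.readObject();
        }
    }

    // AFTER: Jackson binds JSON onto the one target type named in the call. The payload carries
    // no class name that is honoured, so the input cannot choose what gets instantiated.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    public static byte[] serialize(SessionData data) throws IOException {
        return MAPPER.writeValueAsBytes(data);
    }

    public static SessionData safeDeserialize(byte[] bytes) throws IOException {
        return MAPPER.readValue(bytes, SessionData.class);
    }

    // Defence in depth when JDK serialization must stay (e.g. to read data already on disk):
    // a JEP 290 ObjectInputFilter (Java 9+) rejects every class except the ones listed and caps
    // graph depth and reference count so the stream cannot be used for resource exhaustion.
    public static SessionData filteredDeserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "SessionCodec$SessionData;java.lang.String;!*;maxdepth=5;maxrefs=100"));
            return (SessionData) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        SessionData original = new SessionData("sess-1", 1700000000L);
        byte[] json = serialize(original);
        System.out.println(new String(json, StandardCharsets.UTF_8));
        SessionData back = safeDeserialize(json);
        System.out.println(back.id + " " + back.expiresAt);
    }
}
```

The Jackson path is only as safe as its configuration: it must not be combined with polymorphic default typing (`activateDefaultTyping` or the deprecated `enableDefaultTyping`) on untrusted input, because that reintroduces attacker-chosen class names. The filter string in `filteredDeserialize` is an allow-list with a trailing `!*` reject-all; widening it to whole packages defeats the point.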
The sa-token-jboot-plugin was developed and submitted as a PR by another user. Changing its JDK serialization to Jackson serialization may go against that author's original intent, so this PR cannot be merged.