Patch dependencies with high cves detected by grype

[gmrodgers]

Description of your changes

Similar to crossplane-contrib/provider-kubernetes#109. Patches two dependencies that were appearing in vulnerability scanners as high. Unsure if vulnerable but would be ideal to not have these show up in customer scans.

Could not see an associated issue as far as I can tell.

Update: Bumped another HIGH that was showing up. Now there are 3 packages bumped in this MR.

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable to ensure this PR is ready for review.

PASS
coverage: 86.5% of statements
ok      github.com/crossplane-contrib/provider-helm/pkg/controller/release      0.039s  coverage: 86.5% of statements
?       github.com/crossplane-contrib/provider-helm/apis        [no test files]
?       github.com/crossplane-contrib/provider-helm/apis/release        [no test files]
?       github.com/crossplane-contrib/provider-helm/apis/release/v1alpha1       [no test files]
?       github.com/crossplane-contrib/provider-helm/apis/release/v1beta1        [no test files]
?       github.com/crossplane-contrib/provider-helm/apis/v1alpha1       [no test files]
?       github.com/crossplane-contrib/provider-helm/apis/v1beta1        [no test files]
15:53:13 [ OK ] go test unit-te

How has this code been tested

Ran make reviewable test and played around with the Release object in-cluster to see if functionality remains unchanges