Remove optional transitive tink and protobuf-java dependencies (#115916)

This commit removes `com.google.crypto.tink` which is transitive and optional dependency of `oauth2-oidc-sdk` and `nimbus-jose-jwt`. We don't seem to be using any functionality that requires `tink` and thus `protobuf-java`. Removing them feels safer than having to maintain misaligned versions.

Author: slobodanadamovic

gradle/verification-metadata.xml

@@ -579,11 +579,6 @@
             <sha256 value="c8fb4839054d280b3033f800d1f5a97de2f028eb8ba2eb458ad287e536f3f25f" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="com.google.crypto.tink" name="tink" version="1.14.0">
-         <artifact name="tink-1.14.0.jar">
-            <sha256 value="47b2248705e0c9771bc259f22465a79655c1296e2d47aaee852adb7cdacb6198" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
       <component group="com.google.errorprone" name="error_prone_annotations" version="2.11.0">
          <artifact name="error_prone_annotations-2.11.0.jar">
             <sha256 value="721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec" origin="Generated by Gradle"/>
@@ -759,11 +754,6 @@
             <sha256 value="8540247fad9e06baefa8fb45eb313802d019f485f14300e0f9d6b556ed88e753" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="com.google.protobuf" name="protobuf-java" version="4.27.0">
-         <artifact name="protobuf-java-4.27.0.jar">
-            <sha256 value="9072e60fe66cff5d6c0f11a1df21d8f3e4b29b5ee782b45c3fc75f59fbe2b839" origin="Generated by Gradle"/>
-         </artifact>
-      </component>
       <component group="com.google.protobuf" name="protobuf-java-util" version="3.25.5">
          <artifact name="protobuf-java-util-3.25.5.jar">
             <sha256 value="dacc58b2c3d2fa8d4bddc1acb881e78d6cf7c137dd78bc1d67f6aca732436a8d" origin="Generated by Gradle"/>

modules/repository-azure/build.gradle

@@ -63,8 +63,12 @@ dependencies {
   api "com.github.stephenc.jcip:jcip-annotations:1.0-1"
   api "com.nimbusds:content-type:2.3"
   api "com.nimbusds:lang-tag:1.7"
-  api "com.nimbusds:nimbus-jose-jwt:9.37.3"
-  api "com.nimbusds:oauth2-oidc-sdk:11.9.1"
+  api("com.nimbusds:nimbus-jose-jwt:9.37.3"){
+    exclude group: 'com.google.crypto.tink', module: 'tink' // it's an optional dependency on which we don't rely
+  }
+  api("com.nimbusds:oauth2-oidc-sdk:11.9.1"){
+    exclude group: 'com.google.crypto.tink', module: 'tink' // it's an optional dependency on which we don't rely
+  }
   api "jakarta.activation:jakarta.activation-api:1.2.1"
   api "jakarta.xml.bind:jakarta.xml.bind-api:2.3.3"
   api "net.java.dev.jna:jna-platform:${versions.jna}" // Maven says 5.14.0 but this aligns with the Elasticsearch-wide version
@@ -74,8 +78,6 @@ dependencies {
   api "org.codehaus.woodstox:stax2-api:4.2.2"
   api "org.ow2.asm:asm:9.3"
 
-  runtimeOnly "com.google.crypto.tink:tink:1.14.0"
-  runtimeOnly "com.google.protobuf:protobuf-java:4.27.0"
   runtimeOnly "com.google.code.gson:gson:2.11.0"
   runtimeOnly "org.cryptomator:siv-mode:1.5.2"
 
@@ -175,13 +177,11 @@ tasks.named("thirdPartyAudit").configure {
     //    'org.slf4j.ext.EventData' - bring back when https://github.com/elastic/elasticsearch/issues/93714 is done
 
     // Optional dependency of tink
-    'com.google.api.client.http.HttpHeaders',
-    'com.google.api.client.http.HttpRequest',
-    'com.google.api.client.http.HttpRequestFactory',
-    'com.google.api.client.http.HttpResponse',
-    'com.google.api.client.http.HttpTransport',
-    'com.google.api.client.http.javanet.NetHttpTransport',
-    'com.google.api.client.http.javanet.NetHttpTransport$Builder',
+    'com.google.crypto.tink.subtle.Ed25519Sign',
+    'com.google.crypto.tink.subtle.Ed25519Sign$KeyPair',
+    'com.google.crypto.tink.subtle.Ed25519Verify',
+    'com.google.crypto.tink.subtle.X25519',
+    'com.google.crypto.tink.subtle.XChaCha20Poly1305',
 
     // Optional dependency of nimbus-jose-jwt and oauth2-oidc-sdk
     'org.bouncycastle.asn1.pkcs.PrivateKeyInfo',
@@ -253,14 +253,6 @@ tasks.named("thirdPartyAudit").configure {
     'javax.activation.MailcapCommandMap',
     'javax.activation.MimetypesFileTypeMap',
     'reactor.core.publisher.Traces$SharedSecretsCallSiteSupplierFactory$TracingException',
-
-    'com.google.protobuf.MessageSchema',
-    'com.google.protobuf.UnsafeUtil',
-    'com.google.protobuf.UnsafeUtil$1',
-    'com.google.protobuf.UnsafeUtil$Android32MemoryAccessor',
-    'com.google.protobuf.UnsafeUtil$Android64MemoryAccessor',
-    'com.google.protobuf.UnsafeUtil$JvmMemoryAccessor',
-    'com.google.protobuf.UnsafeUtil$MemoryAccessor',
   )
 }