
Consider removing easyjson dependency due to security risks #182

@alexandear

Description


This project has an indirect dependency on github.com/mailru/easyjson:

mailru/easyjson is a Go library with maintainers based in Russia and affiliated with VK Group. VK Group has known ties to the Russian government and a history of cooperating with Russian security services, including sharing user data.

According to the Hunted Labs report, "The Russian Open Source Project That We Can’t Live Without", this dependency poses a significant supply chain risk. To mitigate these risks, I propose to remove this dependency.

The only dependency that requires easyjson is github.com/wk8/go-ordered-map/v2:

```
$ go mod why -m github.com/mailru/easyjson
# github.com/mailru/easyjson
github.com/invopop/jsonschema
github.com/wk8/go-ordered-map/v2
github.com/mailru/easyjson/jwriter
```

We can replace it with a forked version: https://github.com/pb33f/ordered-map

Related issues and discussions:
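
Added example, not code from this issue or the project: `go mod why` prints one chain to the flagged module, but before swapping in a fork it helps to see every requirer that pulls it in. This small Go program parses `go mod graph` output and lists all chains from the root module to a target; the graph, module paths and versions below are constructed for the example, and the real graph would be read from `go mod graph` instead.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in `go mod graph` format; module paths and versions are made up.
const sampleGraph = `example.com/app github.com/invopop/jsonschema@v0.0.1
example.com/app github.com/wk8/go-ordered-map/v2@v0.0.1
github.com/invopop/jsonschema@v0.0.1 github.com/wk8/go-ordered-map/v2@v0.0.1
github.com/wk8/go-ordered-map/v2@v0.0.1 github.com/mailru/easyjson@v0.0.1`

// ParseGraph maps each requirer to its requirements, dropping the "@version" suffix.
func ParseGraph(text string) map[string][]string {
	g := map[string][]string{}
	f := strings.Fields(text) // tokens alternate: requirer, requirement
	for i := 0; i+1 < len(f); i += 2 {
		from, to := strings.SplitN(f[i], "@", 2)[0], strings.SplitN(f[i+1], "@", 2)[0]
		g[from] = append(g[from], to)
	}
	return g
}

// PathsTo returns every simple path root -> ... -> target (the chains to break to drop target).
func PathsTo(g map[string][]string, root, target string) (out [][]string) {
	seen := map[string]bool{root: true}
	var walk func(node string, path []string)
	walk = func(node string, path []string) {
		if node == target {
			out = append(out, append([]string(nil), path...)) // copy: path is reused
			return
		}
		for _, next := range g[node] {
			if !seen[next] {
				seen[next] = true
				walk(next, append(path, next))
				seen[next] = false // free next for other paths
			}
		}
	}
	walk(root, []string{root})
	return out
}

func main() {
	for _, p := range PathsTo(ParseGraph(sampleGraph), "example.com/app", "github.com/mailru/easyjson") {
		fmt.Println(strings.Join(p, " -> "))
	}
}
```

Each printed chain ends in a module whose requirer must be replaced (or upgraded to a version that no longer needs the target), which is how to confirm that swapping go-ordered-map for a fork is sufficient.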
