Update jackson-databind from 2.9.9 to 2.9.9.3

This is to address four separate CVEs, two of which are critical:

• CVE-2019-14379 (9.8)
• CVE-2019-14439 (7.5)
• CVE-2019-12384 (5.9)
• CVE-2019-12814 (5.9)

As java-client-api uses three separate jackson modules, I suggest addressing problem by using jackson-bom POM import (2.9.9.20190807) in dependencyManagement.