feat: upgrade edx-drf-extensions to 9.0.0

[robrap]

9.0.0 fixes ENABLE_FORGIVING_JWT_COOKIES bug.
The JWT's LMS user id will now be compared to the
user object's lms_user_id, rather than to its id.
For details, see:
openedx/edx-drf-extensions#408

Note that this won't be put into effect until
ENABLE_FORGIVING_JWT_COOKIES is toggled on
separately.

Also, although this is a major upgrade, it only
caused a backward-incompatible issue in edx-platform. There are no other changes required for ecommerce.

This is part of the rollout of:
edx/edx-arch-experiments#429

⛔️ DEPRECATION WARNING

This repository is deprecated and in maintainence-only operation while we work on a replacement, please see this announcement for more information.

Although we have stopped integrating new contributions, we always appreciate security disclosures and patches sent to [email protected]

Anyone internally merging to this repository is expected to release and monitor their changes; if you are not able to do this DO NOT MERGE, please coordinate with someone who can to ensure that the changes are released.

Required Testing

• Before deploying this change, complete a purchase in the stage environment.
  (^ We can remove that manual check once REV-2624 is done and the corresponding e2e test runs again)

Description

Describe what this pull request changes, and why these changes were made. How will these changes affect other people, installations of edx, etc.?
Please include links to any relevant ADRs, design artifacts, and decision documents. Make sure to document the rationale behind significant changes in the repo, per OEP-19, and can be
linked here.

Useful information to include:

• Which edX user roles will this change impact? Common user roles are "Learner", "Course Author", "Developer", and "Operator".
• Include screenshots for changes to the UI (ideally, both "before" and "after" screenshots, if applicable).
• Provide links to the description of corresponding configuration changes. Remember to correctly annotate these changes.

Supporting information

Link to other information about the change, such as Jira issues, GitHub issues, or Discourse discussions.
Be sure to check they are publicly readable, or if not, repeat the information here.

Testing instructions

Please provide detailed step-by-step instructions for testing this change; how did YOU test this change?

Other information

Include anything else that will help reviewers and consumers understand the change.

• Does this change depend on other changes elsewhere?
• Any special concerns or limitations? For example: deprecations, migrations, OpenEdx vs. edx.org differences, development vs. production environment differences, security, or accessibility.