This update for kanidm fixes the following issues:

- Update to version 1.9.1~git0.36055feca:
* Release 1.9.1
* 20260220 prevent migration accidents (#4156)
* Alert on unsaved changes (#4155)
* Warn about systemd-userdb (#4147)
* Dont be as upset when migration dir doesnt exist (#4146)

- Update to version 1.9.0~git0.2df2bfc4a:
* Release 1.9.0
* Allow LDAP CA verification to be disabled in sync (#4133)
* Add oauth2 example, fix inter-migration reference handling (#4136)
* Corrected recycle_bin.md typo (#4135)
* Set docker tag properly
* Release "1.9.0-pre"-pre
* chore: Release Notes (#4129)
* Update to use hjson (#4128)
* Python OpenAPI-based internals (#4119)
* Allow reseting (aka clearing) softlocks (#4111)
* 20260122 SCIM batch (#4088)
* Improve upgrade/downgrade testing and checks (#4125)
* Adding scripts for testing nginx and proxyv1 ldap, updating haproxy-protocol (#4087)
* Allow extra characters in claim names (#4110)
* Add ability to backup via stdout (#4114)
* Remove mozilla webauthn authenticator backend (#4118)
* 20260205 truncate service acct tokens (#4113)
* clarify ssh_publickeys oidc claim (#4116)
* Add note about building client tools locked (#4117)
* add RFC8693 to features section of the book (#4112)
* FIX: make tracing-forest stop panic'ing things when enabling otel (#4105)
* Bump bytes from 1.11.0 to 1.11.1 (#4107)
* Tweaking rm_if_exist to remove a race condition (#4103)
* Set `sudo_provider = none` in sssd.conf; Update default value for LDAP_MAXIMUM_QUERYABLE_ATTRIBUTES (#4098)
* Improve secure origin handling in OAuth2 (#4097)
* Radius support for SAN-DN (#4094)
* Bump the all group with 10 updates (#4093)
* Allow UUID when Name also allowed (#4089)
* Disallow methods that should not be used (#4083)
* Prevent panic (#4082)
* 20260116 kanidmd json mode (#4075)
* Return http409 on AttrUniqueness error (#4079)
* Hardening against process errors (#4061)
* 20260108 sync polish (#4054)
* Allow overriding css (#4077)
* Bump the all group with 8 updates (#4078)
* Support homeDirectory virtual attribute (#4073)
* Bump the uv group across 2 directories with 3 updates (#4074)
* Allow invalid passwords to be skipped (#4071)
* shrinking logo.svg and re-brotli-ing others (#4069)
* fallback for target_os dependency management in kanidm_tools webauthn-authenticator-rs (#4067)
* allows service desk to change account validity (#4068)
* kanidm-ipa-sync aws-lc-rs crypto provider fix (#4065)
* 20260107 unixd documentation (#4046)
* Bump the all group with 12 updates (#4059)
* Bump lru from 0.16.2 to 0.16.3 (#4047)
* Prevent server crashing on requests with low log level (#4039)
* Correct rw flag in service account documentation (#4042)
* Bump rsa from 0.9.9 to 0.9.10 (#4041)
* Implement OIDC auth for service-accounts (RFC8963) (#4021)
* 20251219 Uint64/Int64 syntax types (#4022)
* Bump the all group across 1 directory with 16 updates (#4036)
* update askama, askama_web to v0.15 (#4030)
* Bump the all group with 11 updates (#4024)
* Bump yescrypt from 0.1.0-rc.0 to 0.1.0-rc.1 in the all group (#4017)
* Bump the all group with 2 updates (#4016)
* OAuth2 CSP form-action (#4011)
* Handle concurrent pam sessions. (#4001)
* Bump the all group with 5 updates (#4005)
* fix: correcting parsing of backup compression input (#3995)
* Add a home strategy framework (#3985)
* Bump the all group with 8 updates (#3996)
* Resolve infinite reauth loop (#3992)
* Ignore CredentialTypeMinimum during migrations (#3991)
* Allow disabling OAuth2 consent prompt (#3972)
* Report correct client IP in request log (#3990)
* Ensure that privileged sessions expirations are synced (#3984)
* Add reference to the Kanidm anthem (#3987)
* Missing constraint on skip upgrade process (#3983)
* Changing how we parse environment variables in kanidmd (#3977)
* Document the upgrade process through versions. (#3982)
* Bump actions/checkout from 5 to 6 in the all group (#3979)
* Bump the all group with 8 updates (#3980)
* lib crypto should not depend on proto (#3975)
* Change AttributeUniqueness to yield BAD_REQUEST (#3974)
* fix: kanidm_build_profiles has unwrap which can cause builds to fail (#3973)
* Small fixes (#3965)
* Make log messages more verbose for issues with resources server (#3954)
* unixd_tasks: update home alias symlink conditionally and atomically (#3947)
* Manually handle form bytes to allow optional encoding (#3968)
* Improve handling of ready event (#3967)
* Fix typo in kanidm-ldap-sync (#3964)
* Bump the all group with 10 updates (#3963)
* Bump js-yaml (#3957)
* Bump the all group with 3 updates (#3948)
* 20251108 lld (#3944)
* Improve uid/gid overlap message during IAM migration (#3943)
* 1.9.0-dev (#3939)

- Enable python bindings for the primary python version on newer
distributions and 3.11 on 15.x

- Update to version 1.8.6~git0.268c71d0a:
* Release 1.8.6
* Release 1.8.5
* OAuth2 CSP form-action (#4011)
* Force webauthn 0.5.4