feat: upgrade edx-drf-extensions to 9.0.0 (#4060)

9.0.0 fixes ENABLE_FORGIVING_JWT_COOKIES bug.
The JWT's LMS user id will now be compared to the
user object's lms_user_id, rather than to its id.
For details, see:
openedx/edx-drf-extensions#408

Note that this won't be put into effect until
ENABLE_FORGIVING_JWT_COOKIES is toggled on
separately.

Also, although this is a major upgrade, it only
caused a backward-incompatible issue in edx-platform.
There are no other changes required for ecommerce.

This is part of the rollout of:
edx/edx-arch-experiments#429

requirements/base.txt

@@ -226,7 +226,7 @@ edx-django-utils==5.5.0
     #   edx-drf-extensions
     #   edx-rest-api-client
     #   getsmarter-api-clients
-edx-drf-extensions==8.13.0
+edx-drf-extensions==9.0.0
     # via
     #   -r requirements/base.in
     #   edx-rbac

requirements/dev.txt

@@ -327,7 +327,7 @@ edx-django-utils==5.5.0
     #   edx-drf-extensions
     #   edx-rest-api-client
     #   getsmarter-api-clients
-edx-drf-extensions==8.13.0
+edx-drf-extensions==9.0.0
     # via
     #   -r requirements/test.txt
     #   edx-rbac

requirements/production.txt

@@ -231,7 +231,7 @@ edx-django-utils==5.5.0
     #   edx-drf-extensions
     #   edx-rest-api-client
     #   getsmarter-api-clients
-edx-drf-extensions==8.13.0
+edx-drf-extensions==9.0.0
     # via
     #   -r requirements/base.in
     #   edx-rbac

requirements/test.txt

@@ -318,7 +318,7 @@ edx-django-utils==5.5.0
     #   edx-drf-extensions
     #   edx-rest-api-client
     #   getsmarter-api-clients
-edx-drf-extensions==8.13.0
+edx-drf-extensions==9.0.0
     # via
     #   -r requirements/base.txt
     #   edx-rbac