Upgrade OPA to v0.40.0

[willbeason]

There's a CVE for OPA v0.39.0 which can cause a DOS: https://ossindex.sonatype.org/vulnerability/CVE-2022-28946

See open-policy-agent/opa#4548 for motivation

[ritazh]

Should dependabot have detected this and bumped the version?

[willbeason]

That's a good point! It should have

[ritazh]

@sozercan I don't think dependabot has been running since it was added. Could it be that we are looking at / instead of /constraint?

[sozercan]

@ritazh good catch! opened #229