Overly permissive regular expression range for artifact type validation by jonesbusy · Pull Request #466 · oras-project/oras-java

Potential fix for https://github.com/oras-project/oras-java/security/code-scanning/38

To fix this problem while maintaining correct (and standards-compliant) functionality, we should modify the regular expression to explicitly list all valid characters allowed in the media type "token" as defined by RFC6838/RFC2045. The RFC specifies the allowed characters for token as:

`[A-Za-z0-9!#$%&'*+.^_{}|~-]`

That is, only a handful of ASCII symbols, alphanumerics, and the specified specials—not a broad range. The dash (`-`) should be either at the start or end of the character class to be literal, and special characters like `^` do *not* need to be included unless intended. Edit only line 60 (the regex) in `ArtifactType.java` accordingly. No new imports or helpers are needed.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.
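An added example, not the project's code and not the line 60 change itself, that contrasts the explicitly listed RFC 6838 token class from the description with a constructed overly broad ASCII range; the `BROAD` pattern, the class name and the sample inputs are assumptions:

```java
import java.util.List;
import java.util.regex.Pattern;

public final class ArtifactTypeCheck {

    // RFC 2045 / RFC 6838 token characters spelled out explicitly. The dash is last so it
    // is literal; '{', '}', '^' and '.' are literal inside a Java character class.
    private static final String TOKEN = "[A-Za-z0-9!#$%&'*+.^_{}|~-]+";

    // Constructed illustration of an overly permissive class (assumption, not the original
    // line 60): the printable-ASCII range also admits '/', '(', ')', ',', ';', '=', '"' and
    // other RFC 2045 tspecials that must never be treated as token characters.
    private static final String BROAD = "[!-~]+";

    private static final Pattern STRICT = Pattern.compile("^" + TOKEN + "/" + TOKEN + "$");
    private static final Pattern PERMISSIVE = Pattern.compile("^" + BROAD + "/" + BROAD + "$");

    /** Accepts only type/subtype where both parts are RFC 6838 tokens. */
    public static boolean isValidStrict(String mediaType) {
        return STRICT.matcher(mediaType).matches();
    }

    /** Same shape, but with the broad range; shown only to expose what it lets through. */
    public static boolean isValidPermissive(String mediaType) {
        return PERMISSIVE.matcher(mediaType).matches();
    }

    public static void main(String[] args) {
        // Constructed sample artifact types: two valid, four that a strict token class rejects.
        List<String> samples = List.of(
                "application/vnd.oci.image.manifest.v1+json",
                "application/vnd.example.config.v1+json",
                "application/json;charset=utf-8",   // ';' and '=' are tspecials
                "application/json,text/plain",      // ',' is a tspecial
                "app(lication)/json",               // '(' and ')' are tspecials
                "application/json/extra");          // a second '/' must not be accepted
        for (String s : samples) {
            System.out.printf("%-45s strict=%-5s permissive=%s%n",
                    s, isValidStrict(s), isValidPermissive(s));
        }
    }
}
```

The four malformed inputs all pass the broad range and fail the explicit class, which is the gap the code-scanning alert describes.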