I asked myself the same question, "what do I need to do for my app to continue using the Apple Push Notification service (APNs)?" For me, the answer was "nothing". Here is the the key question that led me to this conclusion:
Do you run a server that sends push notifications by POSTing directly to APNs?
No: If you send push notifications through Firebase Cloud Messaging, you POST to Google servers, not Apple servers. So this is Google's problem.
Yes: You need to update the OS on that server to recognize the new cert. Probably your OS already recognizes it. For instance, Ubuntu 22.04 has this new cert in the file /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem. You can inspect it with openssl x509 -in /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem -text. You can verify this is the same cert that is referenced in the Apple notification by downloading that cert and inspecting it with openssl x509 -in /tmp/SHA-2\ Root\ \ USERTrust\ RSA\ Certification\ Authority.crt -text -noout.