Add parametrized unit tests for auth types across host profiles (#771)

## Summary

- Adds `AuthProfilesTest.java` with 138 parametrized subtests covering 8
auth types across 6 host profiles (LW, NW, LA, NA, SPOGW, SPOGA) on AWS,
Azure, and GCP.
- Mirrors
[databricks/databricks-sdk-go#1627](databricks/databricks-sdk-go#1627)
and
[databricks/databricks-sdk-py#1357](databricks/databricks-sdk-py#1357).
- Java has no `HostMetadataResolver` seam, so each test mocks `GET
/.well-known/databricks-config` and calls `resolve()` so that
`DatabricksConfig.resolveHostMetadata()` actually runs and populates
`discoveryUrl` (and `accountId`/`workspaceId` for bare-host profiles)
from the mocked metadata — the production path Go's resolver injection
shortcuts.
- Adds a dedicated `hostMetadataResolutionPopulatesDiscoveryUrl` subtest
that asserts the derivation explicitly, so a regression where metadata
resolution silently no-ops cannot be masked.

### Profiles tested

| Profile | Description | Derivation |
|---|---|---|
| LW | Legacy Workspace | Baseline |
| NW | New Workspace | LW + `account_id` + `workspace_id` |
| LA | Legacy Account | Baseline |
| NA | New Account | Structurally same as LA |
| SPOGW | SPOG workspace | Unified host + `account_id` + `workspace_id`
|
| SPOGA | SPOG account | Unified host + `account_id` |

### Auth types covered

pat, basic, oauth-m2m, github-oidc, env-oidc, file-oidc,
azure-client-secret, github-oidc-azure

### Not covered (with rationale)

- `databricks-cli`, `azure-cli`: invoke external processes via
`ProcessBuilder`; mocking requires `MockedConstruction` + spy
per-profile. Covered at the unit level by
`DatabricksCliCredentialsProviderTest` /
`AzureCliCredentialsProviderTest` / `CliTokenSourceTest`.
- `azure-devops-oidc`: `AzureDevOpsIDTokenSource` reads `SYSTEM_*`
variables via `System.getenv()` at construction time (not via
`config.getEnv()`); overriding those in-process requires JUnit Pioneer
or reflection, neither of which is in the project's dep set.
- `metadata-service`: no equivalent auth type in the Java SDK.
`AzureMsiCredentialsProvider` hits the Azure IMDS endpoint, not a
Databricks-hosted metadata service.
- `google-credentials`, `google-id`: delegate to Google SDK functions
that parse real crypto keys with no seam for HTTP injection (matches Go
SDK's exclusion).

## Test plan

- [x] All 138 new subtests pass locally (`mvn test
-Dtest=AuthProfilesTest`)
- [x] Existing `com.databricks.sdk.core.*` tests unaffected (908 pass)

This pull request was AI-assisted by Isaac.

Author: hectorcast-db

NEXT_CHANGELOG.md

@@ -13,5 +13,6 @@
 ### Documentation
 
 ### Internal Changes
+* Added parametrized unit tests covering PAT, Basic, OAuth M2M, GitHub OIDC, Env OIDC, File OIDC, Azure Client Secret, and Azure GitHub OIDC against six host profiles (LW, NW, LA, NA, SPOGW, SPOGA) across AWS, Azure, and GCP (138 subtests total). Mirrors databricks-sdk-go PR #1627 and databricks-sdk-py PR #1357.
 
 ### API Changes