Make GCP SA token refresh non-blocking with warning on failure (#718)

## 🥞 Stacked PR
Use this
[link](https://github.com/databricks/databricks-sdk-java/pull/718/files)
to review incremental changes.
-
[**hectorcast-db/stack/port-6-gcp-sa-nonblocking**](#718)
[[Files
changed](https://github.com/databricks/databricks-sdk-java/pull/718/files)]
-
[hectorcast-db/stack/port-7-integration-test-metadata](#719)
[[Files
changed](https://github.com/databricks/databricks-sdk-java/pull/719/files/098605a019d01e262cd9d81d0315be4b77a0fd55..69946cd4740e3226676dd7ff2dce4f0ecbaede68)]
-
[hectorcast-db/stack/port-8-remove-unified-flag](#720)
[[Files
changed](https://github.com/databricks/databricks-sdk-java/pull/720/files/69946cd4740e3226676dd7ff2dce4f0ecbaede68..af8d93a4758d730905a9d95833f05911c68e8b5c)]

---------
## Summary

Port of Go SDK
[#1544](databricks/databricks-sdk-go#1544).

Makes the GCP SA access token (`X-Databricks-GCP-SA-Access-Token`)
refresh non-blocking in both `GoogleIdCredentialsProvider` and
`GoogleCredentialsCredentialsProvider`. On failure, a warning is logged
and the header is skipped instead of throwing an exception. The token is
now always attempted regardless of client type (previously only for
ACCOUNT clients).

**Why:** On unified hosts, the config type may not perfectly distinguish
account vs workspace operations. Making the SA token optional ensures
GCP auth doesn't fail when the SA token isn't needed.

**Changes:**
- `GoogleIdCredentialsProvider`: removed `ClientType.ACCOUNT` guard,
catch `IOException` and log warning
- `GoogleCredentialsCredentialsProvider`: same pattern

`NO_CHANGELOG=true`

## Test plan
- [ ] Verify GCP auth works for account and workspace clients
- [ ] Verify warning is logged when SA token refresh fails

Author: hectorcast-db

databricks-sdk-java/src/main/java/com/databricks/sdk/core/GoogleCredentialsCredentialsProvider.java

@@ -66,17 +66,12 @@ public HeaderFactory configure(DatabricksConfig config) {
       Map<String, String> headers = new HashMap<>();
       headers.put("Authorization", String.format("Bearer %s", idToken.getTokenValue()));
 
-      if (config.getClientType() == ClientType.ACCOUNT) {
-        AccessToken token;
-        try {
-          token = finalServiceAccountCredentials.createScoped(GCP_SCOPES).refreshAccessToken();
-        } catch (IOException e) {
-          String message =
-              "Failed to refresh access token from Google service account credentials.";
-          LOG.error(message + e);
-          throw new DatabricksException(message, e);
-        }
+      try {
+        AccessToken token =
+            finalServiceAccountCredentials.createScoped(GCP_SCOPES).refreshAccessToken();
         headers.put(SA_ACCESS_TOKEN_HEADER, token.getTokenValue());
+      } catch (IOException e) {
+        LOG.warn("Failed to refresh GCP SA access token, skipping header: {}", e.getMessage());
       }
 
       return headers;

databricks-sdk-java/src/main/java/com/databricks/sdk/core/GoogleIdCredentialsProvider.java

@@ -69,15 +69,11 @@ public HeaderFactory configure(DatabricksConfig config) {
         throw new DatabricksException(message, e);
       }
 
-      if (config.getClientType() == ClientType.ACCOUNT) {
-        try {
-          headers.put(
-              SA_ACCESS_TOKEN_HEADER, gcpScopedCredentials.refreshAccessToken().getTokenValue());
-        } catch (IOException e) {
-          String message = "Failed to refresh access token from scoped id token credentials.";
-          LOG.error(message + e);
-          throw new DatabricksException(message, e);
-        }
+      try {
+        headers.put(
+            SA_ACCESS_TOKEN_HEADER, gcpScopedCredentials.refreshAccessToken().getTokenValue());
+      } catch (IOException e) {
+        LOG.warn("Failed to refresh GCP SA access token, skipping header: {}", e.getMessage());
       }
 
       return headers;