Iceberg REST configurable OAuth Endpoint

[c-thiel]

Enhancement

Recent changes in Iceberg REST deprecated the oauth2 endpoint as part of the REST spec. Instead, the OAuth2 endpoint of the IdP should be used.

Extract from the updated spec:

The oauth/tokens endpoint is DEPRECATED for REMOVAL. It is not recommended to implement this endpoint, unless you are fully aware of the potential security implications.
All clients are encouraged to explicitly set the configuration property oauth2-server-uri to the correct OAuth endpoint.

It would be great to make the oauth2 server uri configurable by adding a iceberg.catalog.oauth2.server-uri configuration for the Iceberg Rest Catalog.

While on it, it might make sense to also rename the credential configuration property from iceberg.catalog.credential to iceberg.catalog.oauth2.credential as oauth2 might not be the only auth mechanism in the future. trino, presto and spark all use a nested oauth2 prefix, which might be a good orientation. They are also more precise in naming the properties iceberg.rest.xxx.xxx, as iceberg also supports other catalogs than rest.

[Smith-Cruise]

You are right, we should use oauth2 prefix in the future.

Did trino implement oauth2.server-uri parameters? I didn't have seen this parameters in their doc.

[c-thiel]

@Smith-Cruise no, trino is also missing the parameter currently but an issue is also open: trinodb/trino#23086

[c-thiel]

This issue could probably be implemented together with #50518