Expand auth error code detection for PGBouncer, MSSQL, and Db2 proxies

[vedant-jaiswal]

Description

Why is this change being made?

1. Database connection poolers (e.g., PGBouncer) and middleware proxies may return different authentication error codes than the underlying database. The library only recognized a narrow set of hardcoded codes per driver, so unrecognized codes failed to trigger secret cache invalidation.

What is changing?

1. PostgreSQL/Redshift: Added SQLSTATE 08P01 — PGBouncer's default error code when serving cached authentication failures via its check_fast_fail() path.
2. Redshift: Added missing SQLSTATE 28000 (invalid_authorization_specification), aligning with the PostgreSQL driver.
3. MSSQL: Added error code 18452 (login from untrusted domain) alongside the existing 18456 (invalid password).
4. Db2: Added error code -4214 (JDBC driver-level connection authorization failure) alongside the existing -1403 (SQL-level invalid password).
5. Javadoc fixes: Corrected inaccurate 28000 description, fixed drivers.mysql → drivers.db2 copy-paste error in Db2 class Javadoc, updated stale documentation links.
6. Tests: Added unit tests for all new error codes across all four drivers.

Related Links

• Issue #, if available:

---

Testing

How was this tested?

1. Added unit tests for each new error code.

When testing locally, provide testing artifact(s):

1. mvn clean test output: Tests run: 66, Failures: 0, Errors: 0, Skipped: 0 — BUILD SUCCESS

---

Reviewee Checklist

Update the checklist after submitting the PR

• I have reviewed, tested and understand all changes
  If not, why:
• I have filled out the Description and Testing sections above
  If not, why:
• Build and Unit tests are passing
  If not, why:
• Unit test coverage check is passing
  If not, why:
• I have ensured no sensitive information is leaking (i.e., no logging of sensitive fields, or otherwise)
  If not, why:
• I have added explanatory comments for complex logic, new classes/methods and new tests
  If not, why:
• I have updated README/documentation (if needed)
  If not, why:
• I have clearly called out breaking changes (if any)
  If not, why:

---

Reviewer Checklist

All reviewers please ensure the following are true before reviewing:

• Reviewee checklist has been accurately filled out
• Code changes align with stated purpose in description
• Test coverage adequately validates the changes

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.02%. Comparing base (5061ee6) to head (a06e6b1).
⚠️ Report is 1 commits behind head on v2.

Additional details and impacted files

@@             Coverage Diff              @@
##                 v2     #332      +/-   ##
============================================
+ Coverage     82.71%   83.02%   +0.31%     
- Complexity      148      156       +8     
============================================
  Files            12       12              
  Lines           376      377       +1     
  Branches         48       50       +2     
============================================
+ Hits            311      313       +2     
  Misses           58       58              
+ Partials          7        6       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[harsheejshah]

Approving post our offline discussion of doing a fast follow to re-evaluate error codes and have a more robust approach for these