fix(gms): forward ssl.keystore.type/truststore.type to schema registr…

[manuschillerdev]

Adds ssl.keystore.type / ssl.truststore.type to the @Value allowlist in KafkaSchemaRegistryFactory. Without this, the factory silently drops those two keys from the schema-registry props map, and the consumer/producer factories then putAll() the factory's output after Spring Boot's auto-binding, so any SPRING_KAFKA_PROPERTIES_SCHEMA_REGISTRY_SSL_KEYSTORE_TYPE=PEM the operator set
gets overwritten. This blocks PEM TLS for the Confluent schema-registry REST hop from GMS/MAE/MCE consumers, even though the client itself fully supports PEM via its own SslFactory (https://github.com/confluentinc/schema-registry/blob/v8.0.0/client/src/main/java/io/confluent/kafka/schemaregistry/client/security/SslFactory.java).

The two new fields default to empty string and are only forwarded to the props map when actually set — existing JKS deployments that rely on the client's default type behavior are unaffected.

This is one of the code fixes from RFC datahub-project/datahub#16975 (PEM-first TLS for DataHub outbound connections). Adjacent to datahub-project/datahub#14354 (MAE/MCE consumers can't reach Schema Registry with TLS) and acryldata/datahub-helm#601 (chart has no unified SSL story)

[github-actions]

Linear: PFP-3336

Thanks for your contribution! We have created an internal ticket to track this PR. A member of the core DataHub team will be assigned to review it within the next few business days - you will get a follow-up comment once a reviewer is assigned.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...fka/schemaregistry/KafkaSchemaRegistryFactory.java	0.00%	2 Missing and 2 partials ⚠️

❌ Your patch check has failed because the patch coverage (0.00%) is below the target coverage (75.00%). You can increase the patch coverage or adjust the target coverage.

📢 Thoughts on this report? Let us know!