Support MinionContext AuthProvider in Minion executors

[cypherean]

Minion’s executors previously rebuilt auth from a static task token, forcing the Authorization header and preventing per-request token rotation. This broke short‑lived tokens and custom header requirements.

• The change makes executors use the runtime AuthProvider from MinionContext for every outbound HTTP call, preserving custom header names/values and enabling token rotation.
• We keep a strict fallback to the legacy task-token path when no runtime provider is configured, preserving backward compatibility.
• Tests verify runtime-provider preference and legacy fallback; manual validation confirms getRequestHeaders() is called for requests and headers are attached as expected on every request.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 50.00000% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.30%. Comparing base (95d43c0) to head (1ab277b).
⚠️ Report is 29 commits behind head on master.

Files with missing lines	Patch %	Lines
.../tasks/BaseMultipleSegmentsConversionExecutor.java	33.33%	2 Missing ⚠️
...ion/tasks/BaseSingleSegmentConversionExecutor.java	0.00%	1 Missing ⚠️
...he/pinot/plugin/minion/tasks/BaseTaskExecutor.java	75.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #17405      +/-   ##
============================================
+ Coverage     63.28%   63.30%   +0.02%     
- Complexity     1474     1476       +2     
============================================
  Files          3154     3162       +8     
  Lines        188007   188595     +588     
  Branches      28782    28858      +76     
============================================
+ Hits         118977   119391     +414     
- Misses        59807    59955     +148     
- Partials       9223     9249      +26     

Flag	Coverage Δ
custom-integration1	100.00% <ø> (ø)
integration	100.00% <ø> (ø)
integration1	100.00% <ø> (ø)
integration2	0.00% <ø> (ø)
java-11	63.28% <50.00%> (+0.01%)	⬆️
java-21	63.25% <50.00%> (+0.03%)	⬆️
temurin	63.30% <50.00%> (+0.02%)	⬆️
unittests	63.30% <50.00%> (+0.02%)	⬆️
unittests1	55.61% <ø> (-0.07%)	⬇️
unittests2	34.03% <50.00%> (+0.10%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR enables Minion task executors to use a dynamic runtime AuthProvider from MinionContext instead of relying solely on static task tokens. This allows per-request token rotation, custom authorization headers, and better support for short-lived authentication tokens.

Key Changes:

• Executors now check MinionContext.getTaskAuthProvider() before falling back to the legacy AUTH_TOKEN configuration
• Three locations updated: BaseSingleSegmentConversionExecutor, BaseMultipleSegmentsConversionExecutor (two call sites), and SegmentUploadContext
• Tests verify runtime provider preference and legacy fallback behavior

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
BaseMultipleSegmentsConversionExecutorTest.java	Added test teardown cleanup and two tests verifying runtime provider preference and task token fallback
BaseSingleSegmentConversionExecutor.java	Updated executeTask to prefer runtime AuthProvider over static token with NullAuthProvider check
BaseMultipleSegmentsConversionExecutor.java	Applied runtime provider logic in preProcess, executeTask, and SegmentUploadContext constructor