[fix](build) Upgrade Maven from 3.6.3 to 3.9.9 in build-env images

[officialasishkumar]

What problem does this PR solve?

Issue Number: close #62412

Problem Summary:

The FE build enforces Maven >= 3.9.0 via the maven-enforcer-plugin (fe/pom.xml, requireMavenVersion [3.9.0,)), which is required by the Maven build cache extension configured under fe/.mvn. However, every build-env Docker image under docker/compilation/ still installs Maven 3.6.3:

• docker/compilation/Dockerfile (source of the recommended build-env-ldb-toolchain-latest image)
• docker/compilation/Dockerfile.gcc10
• docker/compilation/Dockerfile.gcc7
• docker/compilation/arm/Dockerfile

As a result, building Doris master inside the recommended apache/doris:build-env-ldb-toolchain-latest image fails during the FE phase with the enforcer check:

[ERROR] Rule 0: org.apache.maven.enforcer.rules.version.RequireMavenVersion failed with message:
[ERROR] Detected Maven Version: 3.6.3 is not in the allowed range [3.9.0,).

This PR upgrades Maven to 3.9.9 in all four build-env Dockerfiles so the images satisfy the enforced version range.

Additional notes:

• All four images now download the artifact from the permanent archive.apache.org location, so the pinned version keeps resolving after it rolls off the current-release mirrors (downloads.apache.org / dlcdn.apache.org only retain recent releases).
• This also repairs the gcc7 image, which fetched Maven from the long-defunct mirror.bit.edu.cn host; its SHA-512 checksum is updated to the official value for apache-maven-3.9.9-bin.tar.gz.

Verification (the build-env images are published out-of-band, not rebuilt per PR):

• https://archive.apache.org/dist/maven/maven-3/3.9.9/binaries/apache-maven-3.9.9-bin.tar.gz returns HTTP 200.
• The downloaded tarball's SHA-512 matches both the value committed in Dockerfile.gcc7 and Apache's published .sha512.
• 3.9.9 satisfies the FE enforcer range [3.9.0,).

Release note

None

Check List (For Author)

• Test

  • Regression test
  • Unit Test
  • Manual test (add detailed scripts or steps below)
  • No need to test or manual test. Explain why:
    • Other reason: Build-environment Dockerfile change only. The build-env images are published out-of-band and are not built per PR (.github/workflows/code-checks.yml excludes docker/compilation and Dockerfiles). Correctness was verified by confirming the new archive.apache.org artifact URL resolves, the committed SHA-512 matches Apache's published checksum, and 3.9.9 satisfies the FE enforcer range [3.9.0,).

• Behavior changed:

  • No.

• Does this need documentation?

  • No.

[hello-stephen]

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
3. What features were added. Why was this function added?
4. Which code was refactored and why was this part of the code refactored?
5. Which functions were optimized and what is the difference before and after the optimization?