Fix InputStream leak in RenewableTlsUtils.createSSLFactory

[dkranchii]

What

Switch the key store and trust store InputStreams in RenewableTlsUtils.createSSLFactory to try-with-resources.

Why

The streams were closed only on the success path, after SSLFactory.builder().build() returned. Any exception thrown in between — null trust-store password, malformed keystore, failure in nl.altindag.ssl's builder, etc. — was caught and rewrapped as IllegalStateException, but the open stream was never closed. The leak is most likely to trigger during cert rotation (reloadSslFactory retries 3x and the file watcher catches mid-write states), which compounds it on long-running broker/server/controller/minion processes.
TlsUtils.createKeyManagerFactory and TlsUtils.createTrustManagerFactory in the same package already use this idiom, so the change also removes inconsistency.

Safety

• withIdentityMaterial(InputStream, char[], String) and withTrustMaterial(InputStream, char[], String) consume the stream synchronously into a KeyStore; the stream is not retained for build(). Closing right after the with... call is equivalent to the prior post-build() close on the success path.
• No public API, wire-format, or config change.
• Exception type on failure is unchanged (IllegalStateException wrapping the cause).

Test plan

• ./mvnw -pl pinot-common -am -Dtest=RenewableTlsUtilsTest -Dsurefire.failIfNoSpecifiedTests=false test
• ./mvnw spotless:apply -pl pinot-common
• ./mvnw checkstyle:check -pl pinot-common
• ./mvnw license:check -pl pinot-common

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 63.66%. Comparing base (d88887e) to head (c2b9144).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #18483      +/-   ##
============================================
- Coverage     63.68%   63.66%   -0.03%     
- Complexity     1684     1685       +1     
============================================
  Files          3262     3265       +3     
  Lines        199835   199739      -96     
  Branches      31034    31011      -23     
============================================
- Hits         127266   127161     -105     
- Misses        62416    62440      +24     
+ Partials      10153    10138      -15     

Flag	Coverage Δ
custom-integration1	100.00% <ø> (ø)
integration	100.00% <ø> (ø)
integration1	100.00% <ø> (ø)
integration2	0.00% <ø> (ø)
java-21	63.66% <100.00%> (-0.03%)	⬇️
temurin	63.66% <100.00%> (-0.03%)	⬇️
unittests	63.66% <100.00%> (-0.03%)	⬇️
unittests1	55.75% <100.00%> (-0.03%)	⬇️
unittests2	34.94% <0.00%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.