fix: restore SQL SSL URL normalization

[FakerL]

Summary

• restore SQL URL normalization for async PostgreSQL and MySQL engines
• strip sslmode / ssl-mode / ssl query params from DSNs and pass them through dialect-specific connect_args
• add regression tests for PostgreSQL sslmode=require and MySQL ssl-mode=REQUIRED

Why

Recent upstream changes reintroduced a startup regression for SQL-backed config storage. When ACCOUNT_POSTGRESQL_URL included ?sslmode=require, the config backend passed the raw query string into SQLAlchemy/asyncpg and startup failed with:

TypeError: connect() got an unexpected keyword argument 'sslmode'

This restores the earlier behavior from the old storage implementation in the new shared SQL engine factory, so both account storage and config storage handle SSL query params correctly.

Validation

• uv run python -m unittest tests.test_sql_engine_ssl
• uv run ruff check app/control/account/backends/sql.py tests/test_sql_engine_ssl.py
• ACCOUNT_STORAGE=postgresql ACCOUNT_POSTGRESQL_URL='postgres://...?...sslmode=require' uv run python - <<'PY' ... create_config_backend().version() ... PY
  • confirmed successful startup path with the provided PostgreSQL Aiven URI
• attempted live MySQL connectivity with the provided Aiven URI; SSL parameter handling was normalized correctly, but this environment resolves that host to 127.0.0.1 and the TCP connection is refused before SQL auth/handshake