release-24.3: importer: sanitize cloud storage URIs in error messages

[blathers-crl]

Backport 1/1 commits from #164881 on behalf of @mw5h.

---

Summary

• Sanitize cloud storage URIs in readInputFiles error messages using
  cloud.SanitizeExternalStorageURI to strip credentials before including
  them in user-visible errors.
• Fixes three error paths: the "too many parsing errors" pgerror and both
  errors.Wrapf calls that annotate errors with the file path.

Resolves: #151884

Release note (bug fix): Fixed a bug where IMPORT error messages
could include unredacted cloud storage credentials from the source
URI. Credentials are now stripped from URIs before they appear in
error messages.

---

Release justification: Important security fix for an issue encountered by a customer.

[trunk-io]

😎 Merged directly without going through the merge queue, as the queue was empty and the PR was up to date with the target branch - details.

[blathers-crl]

Thanks for opening a backport.

Before merging, please confirm that it falls into one of the following categories (select one):

• Non-production code changes OR fixes for serious issues. Non-production includes test-only changes, build system changes, etc. Serious issues are defined in the policy as correctness, stability, or security issues, data corruption/loss, significant performance regressions, breaking working and widely used functionality, or an inability to detect and debug production issues.
• Other approved changes. These changes must be gated behind a disabled-by-default feature flag unless there is a strong justification not to. Reference the approved ENGREQ ticket in the PR body (e.g., "Fixes ENGREQ-123").

Add a brief release justification to the PR description explaining your selection.

Also, confirm that the change does not break backward compatibility and complies with all aspects of the backport policy.

All backports must be reviewed by the TL and EM for the owning area.

[blathers-crl]

It looks like your PR touches production code but doesn't add or edit any test code. Did you consider adding tests to your PR?

_{🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.}

[cockroach-teamcity]

This change is 

[michae2]

LGTM

[blathers-crl]

✅ PR #167947 is compliant with backport policy

Confidence: high
Critical bug criteria met: [Stability or security issues]
Backward compatible: true
Explanation: The pull request addresses a critical security issue by sanitizing cloud storage URIs in error messages, which previously could have unintentionally exposed sensitive credentials. The provided changes in the PR strip credentials from URIs before they appear in user-visible error messages using the cloud.SanitizeExternalStorageURI function. The modifications within the readInputFiles function showcase these changes effectively by substituting the raw URI with its sanitized version in error logging and exception wrapping. This fix is essential for maintaining the security and integrity of data, thus qualifying under the 'Stability or security issues' criterion for critical bugs. The PR is also marked with 'Release justification: Important security fix for an issue encountered by a customer', further supporting the critical nature of these changes. Given these factors, the PR can bypass the feature flag requirement for critical security fixes, making it compliant with the backport policy.

✅ ENGREQ Check Passed: No ENGREQ required (non-production code or serious issues).

_{🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.}