GHSA-pqqf-7hxm-rj5r: Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Summary
OpenMetadata leaks JWT tokens used by highly-privileged ingestion-bot accounts through API calls to `/api/v1/ingestionPipelines` for certain services (Glue, Redshift, Postgres). Any read-only user can extract these JWTs from the UI's network requests and use them to make destructive API calls, enabling privilege escalation and potential data leakage. The vulnerability was demonstrated in the Collate Sandbox by extracting an ingestion bot JWT and using it to modify database descriptions.
Solution / Mitigation
Redact `jwtToken` in the API payload. Implement role-based filtering: only return JWT tokens to users with explicit admin or service-account permissions. For admins: rotate ingestion bot tokens in affected environments.
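A server-side filter implementing the first two mitigations, as an added example that is not OpenMetadata's own code; the pipeline payload layout, the role names and the token value are assumptions, and the check verifies that no unredacted `jwtToken` survives for a non-privileged caller.

```python
"""Added example (not OpenMetadata's own code): role-based redaction of the
bot JWT in an ingestion-pipeline API response.

Assumptions (not from the advisory): the payload shape below, the role
names 'Admin' / 'ServiceAccount', and the constructed sample token."""
import copy
from typing import Any

SECRET_KEYS = {"jwtToken"}                      # field named in the advisory
PRIVILEGED_ROLES = {"Admin", "ServiceAccount"}  # assumed role names
REDACTED = "********"


def redact_secrets(obj: Any) -> Any:
    """Recursively replace the value of every secret key, at any depth."""
    if isinstance(obj, dict):
        return {k: (REDACTED if k in SECRET_KEYS else redact_secrets(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_secrets(v) for v in obj]
    return obj


def filter_pipeline_response(payload: dict, caller_roles: set) -> dict:
    """Return what the caller may see: the full record only for privileged roles."""
    if caller_roles & PRIVILEGED_ROLES:
        return copy.deepcopy(payload)
    return redact_secrets(payload)


def contains_secret(obj: Any) -> bool:
    """Defensive check: True if any secret key still carries an unredacted value."""
    if isinstance(obj, dict):
        return any((k in SECRET_KEYS and v != REDACTED) or contains_secret(v)
                   for k, v in obj.items())
    if isinstance(obj, list):
        return any(contains_secret(v) for v in obj)
    return False


# Constructed sample shaped like an ingestion pipeline record (token is fake).
SAMPLE_PIPELINE = {
    "name": "redshift_metadata_ingestion",
    "service": {"type": "databaseService", "name": "redshift_prod"},
    "openMetadataServerConnection": {
        "hostPort": "http://openmetadata:8585/api",
        "authProvider": "openmetadata",
        "securityConfig": {"jwtToken": "eyJhbGciOiJSUzI1NiJ9.CONSTRUCTED.FAKE"},
    },
}

if __name__ == "__main__":
    print(filter_pipeline_response(SAMPLE_PIPELINE, {"DataConsumer"}))
```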
Original source: https://github.com/advisories/GHSA-pqqf-7hxm-rj5r
First tracked: February 11, 2026 at 06:00 PM