[SPARK-56528][CORE] Make Jetty SniHostCheck configurable

[dongjoon-hyun]

What changes were proposed in this pull request?

As a part of SPARK-55556: Improve Web Security, this PR introduces a new configuration spark.ui.jetty.sniHostCheckEnabled that controls Jetty's SNI host check on the Spark UI HTTPS connector. sniHostCheck is recommended by Jetty community as we can see that the default value of Jetty is true already. The previously Spark-side hardcoded SecureRequestCustomizer.setSniHostCheck(false) call in JettyUtils is replaced with a value driven by this configuration.

The default value is false, preserving the existing behavior introduced in SPARK-45522.

• [SPARK-45522][BUILD][CORE][SQL][UI] Migrate from Jetty 9 to Jetty 10 #43765

Why are the changes needed?

In the Jetty usage, jetty.ssl.sniHostCheck=false is supposed to override the default behavior. However, since SPARK-45522 (Jetty 10+), Spark has set SniHostCheck to false strictly to preserve backward compatibility with standalone deployments. Operators who want stricter host checking for security have no way to enable it without patching source. Exposing this as a configuration lets users opt in to SNI host checking when desired.

Does this PR introduce any user-facing change?

No. A new configuration spark.ui.jetty.sniHostCheckEnabled (default: false) is added in Spark 4.2.0. The default preserves the current behavior, so existing deployments are unaffected.

How was this patch tested?

Pass the CIs.

Was this patch authored or co-authored using generative AI tooling?

Generated-by: Claude Code (Opus 4.7)

[dongjoon-hyun]

Thank you, @HyukjinKwon ~ Merged to master for Apache Spark 4.2.0.