[BRE-831] migrate secrets AKV

[pixman20]

🎟️ Tracking

BRE-831

📔 Objective

Updating to use Azure Key Vault Secrets in place of GitHub secrets.
All GitHub secrets have been migrated to the repository's respective Key Vault.
Azure Service Principals have been updated to use Managed Identities with OIDC.

[github-actions]

Checkmarx One – Scan Summary & Details – 20ace6db-4e19-4452-8a1d-eb295514b9e0

New Issues (3)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-48976	Maven-commons-fileupload:commons-fileupload-1.4	details Recommended version: 1.6.0 Description: Allocation of resources for multipart headers with insufficient limits enabled a Denial of Service (DoS) vulnerability in Apache Commons FileUpload... Attack Vector: NETWORK Attack Complexity: LOW ID: JwuyXpcL7f3OsZrMgb1nY2tAq6SVgBHGQJar22Rq5kY%3D Vulnerable Package
	CVE-2025-48988	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.12	details Recommended version: 10.1.42 Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat versions 9.0.0.M1 through 9.... Attack Vector: NETWORK Attack Complexity: LOW ID: KN4JQmNLzjKOGMLzJ8mosLZC5Mhe%2BFSR1350DQj5xZE%3D Vulnerable Package
	CVE-2025-49125	Maven-org.apache.tomcat.embed:tomcat-embed-core-10.1.12	details Recommended version: 10.1.42 Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using `PreResources` or `PostResources` mounted other... Attack Vector: NETWORK Attack Complexity: LOW ID: vpxKJrfOVegubzY4vhDVQU05%2BZ14LL2hQ3wkK226YR8%3D Vulnerable Package