🔒 [security fix] Fix infinite loop in ArrowFileSystemFileIO::ReadFile and fix nanoarrow URL

This commit:
1. Fixes a security vulnerability where an infinite loop could occur in
   `ArrowFileSystemFileIO::ReadFile` if the underlying file read
   operation returns 0 bytes before the expected number of bytes has
   been read.
2. Fixes CI failures by providing multiple mirror URLs for downloading
   nanoarrow, including the official GitHub release and Apache archive,
   to prevent build failures due to transient 404 errors on the
   download server.

Co-authored-by: wgtmac <4684607+wgtmac@users.noreply.github.com>

Author: google-labs-jules[bot]

cmake_modules/IcebergThirdpartyToolchain.cmake

@@ -260,7 +260,10 @@ function(resolve_nanoarrow_dependency)
     set(NANOARROW_URL "$ENV{ICEBERG_NANOARROW_URL}")
   else()
     set(NANOARROW_URL
+        "https://www.apache.org/dyn/closer.lua?action=download&filename=/arrow/apache-arrow-nanoarrow-0.7.0/apache-arrow-nanoarrow-0.7.0.tar.gz"
         "https://dlcdn.apache.org/arrow/apache-arrow-nanoarrow-0.7.0/apache-arrow-nanoarrow-0.7.0.tar.gz"
+        "https://archive.apache.org/dist/arrow/apache-arrow-nanoarrow-0.7.0/apache-arrow-nanoarrow-0.7.0.tar.gz"
+        "https://github.com/apache/arrow-nanoarrow/releases/download/apache-arrow-nanoarrow-0.7.0/apache-arrow-nanoarrow-0.7.0.tar.gz"
     )
   endif()