Introduce 419 AuthenticationTimeoutResponse instead of using 401 UnauthorizedResponse on token expiration

[sungwy]

Describe the bug

Iceberg clients rely on the distinction between status code values to refresh the token when AuthenticationTimeoutResponse is issued for expired tokens.

Currently, polaris returns a 401 UnauthorizedResponse which isn't conformant to the REST Catalog Spec.

polaris/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisManagementServiceIntegrationTest.java

Lines 1993 to 2011 in 49a93f8

	public void testTokenExpiry() {
	// TokenExpiredException - if the token has expired.
	String newToken =
	defaultJwt()
	.withExpiresAt(Instant.now().plus(1, ChronoUnit.SECONDS))
	.sign(Algorithm.HMAC256("polaris"));
	Awaitility.await("expected list of records should be produced")
	.atMost(Duration.ofSeconds(20))
	.pollDelay(Duration.ofSeconds(1))
	.pollInterval(Duration.ofSeconds(1))
	.untilAsserted(
	() -> {
	try (Response response =
	client.managementApi(newToken).request("v1/principals").get()) {
	assertThat(response)
	.returns(Response.Status.UNAUTHORIZED.getStatusCode(), Response::getStatus);
	}
	});
	}

To Reproduce

Use an expired token to make a request against polaris catalog

Actual Behavior

Currently, polaris returns a 401 UnauthorizedResponse which isn't conformant to the REST Catalog Spec.

Expected Behavior

419 AuthenticationTimeoutResponse should be returned

Additional context

No response

System information

No response