* fix(site): Bump the binary distribution version. (apache#3624)

Co-authored-by: ChristopherQu <[email protected]>

* chore(deps): update actions/stale digest to dcd2b94 (apache#3643)

* security(getting-started): enforce stronger postgres password and restrict database access (apache#3570)

* security(getting-started): enforce strong postgres passwords and restrict database access

- Add POSTGRES_PASSWORD environment variable to specify the Postgres
  database password.
- Add validation to reject weak default "postgres" password.
- Generate random 16-character password if POSTGRES_PASSWORD is not
  provided.
- Replace all hardcoded "postgres" password references with
  $POSTGRES_PASSWORD variable.
- Restrict Azure PostgreSQL access to VM's public IP using
  `--public-access` flag. This aligns security posture across AWS
  (VPC-only), Azure (IP-restricted), and GCP (authorized-networks)
- Update documentation site to describe the POSTGRES_PASSWORD
  environment variable.

* OpenAPI specs: update README with detailed API specifications (apache#3629)

* CI: simplify `ci-incr-build-cache-save` action usage (apache#3626)

* CI: simplify upload-artifacts call + only on failure (apache#3627)

* CI: simplify java-setup action usage (apache#3628)

* STS roleArn: enable 3rd party STS services (apache#3619)

Certain non-AWS STS service implementations use role ARNs that look quite different from AWS ones.
This change shall enable those STS implementations.

Example role ARNs that currently fail:
* `urn:ecs:sts::s3:assumed-role/s3assumeRole/user1-105-temp`
* `urn:sgws:identity::12345:group/foo-bar-abcdef`

Related issue apache#2743

* Last merged commit 29ccdd1

---------

Co-authored-by: HJ Q. <[email protected]>
Co-authored-by: ChristopherQu <[email protected]>
Co-authored-by: Mend Renovate <[email protected]>
Co-authored-by: Pierre Laporte <[email protected]>
Co-authored-by: Alexandre Dutra <[email protected]>