
[ISSUE-4322][Bug] Fix OpenAPI token authentication #4361

Open
hutiefang76 wants to merge 1 commit into apache:dev from hutiefang76:codex/fix-openapi-token-auth


Conversation

@hutiefang76


What changes were proposed in this pull request?

This PR fixes OpenAPI token authentication for generated access tokens.

The OpenAPI token is stored as an encrypted JWT. During authentication the request token is already decrypted by JWTFilter, so the realm should compare the decrypted stored token with the current credential instead of encrypting the credential again.

Because token encryption uses a random IV, encrypting the same JWT again does not produce the same stored token string, which caused valid OpenAPI requests to be rejected with 401.

Brief change log

  • Compare the decrypted stored OpenAPI token with the current credential in ShiroRealm.
  • Add a regression test that creates an OpenAPI access token and requests /openapi/app/start, verifying the authentication layer no longer returns 401.

Verifying this change

  • Red check before the fix: AccessTokenServiceTest#testOpenApiTokenCanAuthenticate failed with expected: not equal but was: <401>.
  • JAVA_HOME=$(/usr/libexec/java_home -v 17) ./mvnw -pl streampark-console/streampark-console-service -am -Dtest=AccessTokenServiceTest,JWTTest -Dsurefire.failIfNoSpecifiedTests=false test
  • git diff --check

Closes #4322
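As an added illustration of the failure mode this PR describes (this is example code written for this page, not code from the pull request or from StreamPark), the sketch below uses a small encrypt-then-MAC construction with a random IV, standing in for the project's real token encryption. `realm_check_before_fix` re-encrypts the presented credential and compares ciphertext strings, which fails whenever a fresh IV is used; `realm_check_after_fix` decrypts the stored token and compares plaintexts in constant time, rejecting stored values that are malformed or fail the integrity check. All function names, the key, and the sample JWT are constructed for the example.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample values for this example only; not real secrets or tokens.
KEY = hashlib.sha256(b"example-token-encryption-key").digest()
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJvcGVuYXBpIn0.signature-placeholder"

IV_LEN = 16   # random IV prepended to every ciphertext
TAG_LEN = 32  # HMAC-SHA256 tag appended to every ciphertext


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one master key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """CTR-style keystream: HMAC-SHA256(enc_key, iv || counter) per 32-byte block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_token(key: bytes, token: str) -> str:
    """Encrypt with a fresh random IV, then MAC (iv || ciphertext).
    Because the IV is random, two calls on the same input return different strings."""
    enc_key, mac_key = _subkeys(key)
    iv = os.urandom(IV_LEN)
    pt = token.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, iv, len(pt))))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(iv + ct + tag).decode()


def decrypt_token(key: bytes, stored: str):
    """Return the plaintext token, or None if the stored value is malformed or tampered."""
    enc_key, mac_key = _subkeys(key)
    try:
        raw = base64.urlsafe_b64decode(stored.encode())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < IV_LEN + TAG_LEN:
        return None
    iv, ct, tag = raw[:IV_LEN], raw[IV_LEN:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, iv, len(ct))))
    return pt.decode(errors="replace")


def realm_check_before_fix(key: bytes, stored_token: str, presented_jwt: str) -> bool:
    """The broken pattern the PR describes: re-encrypt the credential and compare
    ciphertext strings. With a random IV this rejects even a valid token."""
    return hmac.compare_digest(encrypt_token(key, presented_jwt), stored_token)


def realm_check_after_fix(key: bytes, stored_token: str, presented_jwt: str) -> bool:
    """The corrected pattern: decrypt the stored token and compare plaintexts in
    constant time. A stored value that fails decryption or the MAC never matches."""
    plain = decrypt_token(key, stored_token)
    if plain is None:
        return False
    return hmac.compare_digest(plain.encode(), presented_jwt.encode())


if __name__ == "__main__":
    stored = encrypt_token(KEY, SAMPLE_JWT)
    print("re-encrypt and compare:", realm_check_before_fix(KEY, stored, SAMPLE_JWT))
    print("decrypt and compare:   ", realm_check_after_fix(KEY, stored, SAMPLE_JWT))
```

The constant-time comparison matters because the plaintext being compared is the bearer credential itself; a plain string `equals` on the decrypted token would leak timing information about how many leading bytes match. The integrity tag also means a corrupted or edited stored value fails closed rather than decrypting to garbage that is then compared.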

@sonarqubecloud



Successfully merging this pull request may close these issues.

[openAPI] open api always return 401

1 participant