
@Yutong-1424

Why are the changes needed?

This PR addresses two important issues with the Kyuubi sessions API:

  1. Incorrect HTTP status codes: When attempting to delete a non-existent session, the API currently returns HTTP 500 (Internal Server Error), which is misleading. A non-existent resource should return HTTP 404 (Not Found) to properly indicate the resource doesn't exist.

  2. Security and privacy concerns:

    • The /api/v1/sessions endpoint returns all sessions for all users, potentially exposing sensitive information about other users' sessions
    • Session configuration data may contain sensitive credentials (e.g., passwords, tokens) that should be redacted before being returned to clients

How was this patch tested?

Unit tests were added to verify both changes:

  1. Test for 404 response on delete non-existent session: Added delete_non-existent_admin_session_returns_404 test in AdminResourceSuite.scala that verifies deleting a non-existent session returns HTTP 404 instead of 500.

  2. Test for config redaction: Added get /sessions returns redacted spark confs test in SessionsResourceSuite.scala that:

    • Creates a session with a sensitive configuration value (spark.password)
    • Retrieves the session list via GET /api/v1/sessions
    • Verifies that the sensitive value is redacted (replaced with asterisks) rather than returned in plain text

Was this patch authored or co-authored using generative AI tooling?

No
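
The following sketch is an added example, not code from this pull request or from Kyuubi. It shows the three behaviours the description names: redacting sensitive session confs before they are returned, limiting a listing to the caller's own sessions, and answering 404 for an unknown session id. Every name in it (`Session`, `redact`, `listSessions`, `deleteStatus`), the key pattern, and the owner-or-admin rule are assumptions made for illustration.

```scala
import scala.collection.mutable
import scala.util.matching.Regex

// Hypothetical stand-ins for illustration; none of these names are Kyuubi's API.
object SessionListingExample {
  final case class Session(id: String, user: String, conf: Map[String, String])

  val RedactionText = "**********"
  // Assumed pattern: an entry is sensitive when its key or its value matches.
  val SensitivePattern: Regex = "(?i)secret|password|token|access[.]key".r

  // Replace sensitive values, keeping the keys so clients still see which confs are set.
  def redact(conf: Map[String, String]): Map[String, String] =
    conf.map { case (k, v) =>
      val sensitive = SensitivePattern.findFirstIn(k).isDefined ||
        SensitivePattern.findFirstIn(v).isDefined
      k -> (if (sensitive) RedactionText else v)
    }

  // Assumed rule: non-admin callers see only their own sessions; confs are always redacted.
  def listSessions(all: Seq[Session], caller: String, isAdmin: Boolean): Seq[Session] =
    all.filter(s => isAdmin || s.user == caller).map(s => s.copy(conf = redact(s.conf)))

  // A missing id is a client-side "not found" (404), not a server failure (500).
  def deleteStatus(store: mutable.Map[String, Session], id: String): Int =
    store.remove(id) match {
      case Some(_) => 200
      case None => 404
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample data.
    val sessions = Seq(
      Session("s-1", "alice", Map("spark.password" -> "hunter2", "spark.executor.memory" -> "2g")),
      Session("s-2", "bob", Map("spark.app.name" -> "etl")))
    listSessions(sessions, caller = "alice", isAdmin = false).foreach(println)

    val store = mutable.Map.empty[String, Session] ++= sessions.map(s => s.id -> s)
    println(deleteStatus(store, "s-1"))
    println(deleteStatus(store, "no-such-id"))
  }
}
```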
