
[Backport 3.5] Check for -Dorg.bouncycastle.fips.approved_only in testclusters to run with FIPS enforcement#21006

Merged: andrross merged 1 commit into 3.5 from backport/backport-20685-to-3.5 on Mar 26, 2026

Conversation

@opensearch-trigger-bot (Contributor)

Backport bc98ec8 from #20685.

…n with FIPS enforcement (#20685)

* Also check for -Dorg.bouncycastle.fips.approved_only in testclusters to enforce running with FIPS enforcement

Signed-off-by: Craig Perkins <craig5008@gmail.com>
Co-authored-by: Andriy Redko <andriy.redko@aiven.io>
(cherry picked from commit bc98ec8)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot Bot requested a review from a team as a code owner March 26, 2026 19:16
@github-actions (Contributor)

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 0fcf9ca.

Path: buildSrc/src/main/java/org/opensearch/gradle/testclusters/OpenSearchNode.java
Line: 552
Severity: medium
Description: Security enforcement weakened: the keystore password requirement for FIPS mode was narrowed from `isInFipsMode()` to `isInFipsApprovedOnlyMode()`. This means test clusters running in standard FIPS mode (without the `org.bouncycastle.fips.approved_only` JVM property) can now start without a keystore password — bypassing a previously mandatory security check. While the distinction between FIPS mode and FIPS approved-only mode can be legitimate, this change silently downgrades a FIPS enforcement gate and warrants scrutiny to confirm intent.

The table above displays the top 10 most important findings.

Total: 1 | Critical: 0 | High: 0 | Medium: 1 | Low: 0


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

@andrross andrross added skip-changelog skip-diff-analyzer Maintainer to skip code-diff-analyzer check, after reviewing issues in AI analysis. labels Mar 26, 2026
@github-actions (Contributor)

✅ Gradle check result for 0fcf9ca: SUCCESS

@codecov Bot commented Mar 26, 2026

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.25%. Comparing base (c8335ed) to head (0fcf9ca).
⚠️ Report is 6 commits behind head on 3.5.

Files with missing lines | Patch % | Lines
...va/org/opensearch/gradle/info/FipsBuildParams.java | 0.00% | 1 Missing ⚠️
...opensearch/gradle/testclusters/OpenSearchNode.java | 0.00% | 1 Missing ⚠️
@@             Coverage Diff              @@
##                3.5   #21006      +/-   ##
============================================
+ Coverage     73.18%   73.25%   +0.07%     
- Complexity    71865    71911      +46     
============================================
  Files          5782     5782              
  Lines        329125   329128       +3     
  Branches      47451    47451              
============================================
+ Hits         240854   241101     +247     
+ Misses        68955    68633     -322     
- Partials      19316    19394      +78     


@andrross andrross merged commit 1f78bac into 3.5 Mar 26, 2026
43 of 47 checks passed
@andrross andrross deleted the backport/backport-20685-to-3.5 branch March 26, 2026 21:15