Support Jackson 3.x release line

[reta]

Description

Support Jackson 3.x release line. The change does a few things:

• the OpenSearch Core switches to Jackson 3.x release line at once (x-content, etc..)
• the OpenSearch server module will continue to bundle Jackson 2.x artifacts (along with Jackson 3.x) to not break existing plugins
• once all plugins switch to Jackson 3.x, the server could drop Jackson 2.x artifacts bundling

Related Issues

Closes #19597

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

❌ Gradle check result for 08afabb: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit 3bc6e02.

Path	Line	Severity	Description
server/src/main/resources/org/opensearch/bootstrap/security.policy	113	medium	New security policy grant gives jackson3-core broad network socket permissions ('java.net.SocketPermission "*", "connect,resolve"'). While this mirrors the existing grant for jackson-core 2.x and appears justified for Unix domain socket support, granting outbound network access to a JSON parsing library from a new/different group ID (tools.jackson vs com.fasterxml.jackson) warrants review to confirm the new artifact is the legitimate Jackson 3.x release and not a substituted malicious dependency.
gradle/libs.versions.toml	14	low	Multiple new SHA1 hashes are introduced for Jackson 3.x artifacts under a new Maven group ID (tools.jackson.core/tools.jackson.dataformat). These cannot be verified inline; if any hash was manipulated to match a compromised JAR, it would constitute a supply chain attack. The hashes should be independently verified against the official Maven Central repository for jackson-core 3.1.0, jackson-dataformat-smile/yaml/cbor 3.1.0, snakeyaml 2.6, and snakeyaml-engine 3.0.1.

The table above displays the top 10 most important findings.

Total: 2 | Critical: 0 | High: 0 | Medium: 1 | Low: 1

---

Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.

---

⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

❌ Gradle check result for 8f7c773: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

❌ Gradle check result for dc8261d: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

Failed to generate code suggestions for PR

[github-actions]

✅ Gradle check result for 999e868: SUCCESS

[github-actions]

Persistent review updated to latest commit c4ee6f8

[github-actions]

✅ Gradle check result for c4ee6f8: SUCCESS

[github-actions]

Persistent review updated to latest commit f29e4a7

[github-actions]

❌ Gradle check result for f29e4a7: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

Persistent review updated to latest commit c52b5b2

[github-actions]

❕ Gradle check result for c52b5b2: UNSTABLE

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[github-actions]

Persistent review updated to latest commit bd926ae

[github-actions]

✅ Gradle check result for bd926ae: SUCCESS

[github-actions]

Persistent review updated to latest commit 3ccda43

[github-actions]

✅ Gradle check result for 3ccda43: SUCCESS

[github-actions]

Persistent review updated to latest commit e361206

[reta]

@andrross @cwperks this is probably the most impactful change in the whole pull request, making generator initialization lazy. I initially overthought it and used volatile + double check locking but looking closely, I have not found the evidence XContentBuilder instances are shared across threads (quite expected), simple null check should be sufficient.

[github-actions]

✅ Gradle check result for e361206: SUCCESS

[andrross]

So calling this method (and some others) will have no effect if generatorInstance() has already been invoked on this instance? Is this behavior change going to be impactful? Should these method throw if the generator instance has already been constructed?