Add warning when sending credentials over HTTP #593
hashhar wants to merge 1 commit into trinodb:master from
Pull request overview
Adds a runtime warning when authentication is configured while using an insecure HTTP connection, to help prevent accidental credential exposure.
Changes:
- Emit a `UserWarning` in `Connection.__init__` when `auth` is set and the resolved scheme is HTTP.
- Add unit tests asserting the warning is produced for HTTP and not produced for HTTPS.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| trino/dbapi.py | Adds warning emission when auth is used over HTTP. |
| tests/unit/test_dbapi.py | Adds/updates tests to validate the new warning behavior. |
828a7c7 to ae59fe2
Can we imagine a future where the Python client does an unsafe thing by default 10 years from now? Do you plan to convert the warning into a failure 1-2 releases from now?
I plan to convert to failure. Just want to see if there are known applications or setups which explode and provide a version they can pin to while they sort out insecure configs.
Description
Adds warning when sending credentials over HTTP. JDBC actually disallows this entirely but it can be a breaking change for Python client now.
Non-technical explanation
Release notes
( ) This is not user-visible or docs only and no release notes are required.
(x) Release notes are required, please propose a release note for me.
( ) Release notes are required, with the following suggested text:
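
The check this PR describes, and a way for an application to find or reject affected configurations before the warning becomes a failure, as an added example that is not code from this PR or from the Trino client. The `Connection` stand-in, `resolve_scheme`, `audit`, `strict_connect`, the message text and the sample configurations are all assumptions made for illustration.

```python
import warnings
from urllib.parse import urlsplit

MESSAGE = "credentials configured over insecure HTTP"  # constructed text, not the PR's wording

def resolve_scheme(host, http_scheme=None):
    """Hypothetical resolver: explicit http_scheme wins, then a scheme in host, else http."""
    if http_scheme:
        return http_scheme.lower()
    scheme = urlsplit(host).scheme
    return scheme if scheme in ("http", "https") else "http"

class Connection:
    """Stand-in for a DB-API connection; performs no network I/O."""
    def __init__(self, host, http_scheme=None, auth=None):
        self.scheme = resolve_scheme(host, http_scheme)
        if auth is not None and self.scheme == "http":
            # stacklevel=2 attributes the warning to the caller's connect line
            warnings.warn(f"{MESSAGE}: {host}", UserWarning, stacklevel=2)

def audit(configs):
    """Return the hosts whose configuration would trigger the warning."""
    flagged = []
    for cfg in configs:
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter("always")
            Connection(**cfg)
        if any(w.category is UserWarning and MESSAGE in str(w.message) for w in caught):
            flagged.append(cfg["host"])
    return flagged

def strict_connect(**cfg):
    """Escalate only this warning to an exception, as a CI gate would."""
    with warnings.catch_warnings():
        warnings.filterwarnings("error", message=MESSAGE, category=UserWarning)
        return Connection(**cfg)

# Constructed sample configurations; the credentials are placeholders
SAMPLE = [
    {"host": "trino.internal.example", "http_scheme": "http", "auth": ("alice", "placeholder")},
    {"host": "https://trino.internal.example", "auth": ("alice", "placeholder")},
    {"host": "localhost"},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Filtering on the message prefix rather than on every `UserWarning` keeps unrelated warnings from failing the gate.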