Add changelog entry for optional clientId fix

Author: renaudhartert-db

NEXT_CHANGELOG.md

@@ -10,6 +10,7 @@
 * Fixed non-JSON error responses (e.g. plain-text "Invalid Token" with HTTP 403) producing `Unknown` instead of the correct typed exception (`PermissionDenied`, `Unauthenticated`, etc.). The error message no longer contains Jackson deserialization internals.
 * Added `X-Databricks-Org-Id` header to deprecated workspace SCIM APIs (Groups, ServicePrincipals, Users) for SPOG host compatibility.
 * Fixed Databricks CLI authentication to detect when the cached token's scopes don't match the SDK's configured scopes. Previously, a scope mismatch was silently ignored, causing requests to use wrong permissions. The SDK now raises an error with instructions to re-authenticate.
+* Made `clientId` optional in `DatabricksOAuthTokenSource` to support web browser OIDC federation flows where no client ID is available. The `client_id` parameter is now only included in token exchange requests when non-null and non-empty, per RFC 8693 ([#757](https://github.com/databricks/databricks-sdk-java/issues/757)).
 
 ### Security Vulnerabilities