azureblob: upgrade gocloud to support endpoint option

[zchuX]

What problem does this PR solve?

Azure Blob Storage (azblob) backups only worked against the global Azure public cloud endpoint. Users running TiDB Operator in Azure sovereign/regional clouds — specifically Azure China (Mooncake / chinacloudapi.cn) and Azure US Government (usgovcloudapi.net) could not use azblob as a backup target because the storage endpoint, Active Directory authentication endpoint, and resource URI were all hardcoded to the public cloud values.

---

What is changed and how does it work?

A new optional endpoint field is added to the AzblobStorageProvider API spec. When provided, it overrides the default Azure public cloud storage endpoint and also drives the correct AAD (Active Directory) authentication endpoint and resource URI selection for the corresponding sovereign cloud.

Change originally cherry-picked from https://github.com/pingcap/tidb-operator/pull/6356/changes. Fixed the issue with ccc.Resource set to different values for different domain in the original PR, it should remain constant across domains.

---

Code changes

• Has Go code change
• Has CI related scripts change

---

Tests

• Unit test
• E2E test
• Manual test
• No code

Basked the change for a months in both China/USGov regions and confirmed br works as expected. Please refer to correspondence at: https://tidb.support.pingcap.com/servicedesk/customer/portal/4/NAID-11542

---

Side effects

• Breaking backward compatibility
• Other side effects: gocloud.dev upgraded from v0.18.0 to v0.21.0. The AAD authentication path behavior changes when an endpoint is provided (uses cloud-specific resource URIs instead of the global https://storage.azure.com/). Existing configurations without endpoint are unaffected.

---

Related changes

• Need to cherry-pick to the release branch
• Need to update the documentation

---

Release Notes

Add support for configuring a custom endpoint in AzblobStorageProvider, enabling azblob backup and restore to work with Azure sovereign/regional clouds (Azure China, Azure US Government, Azure Germany) in addition to the global Azure public cloud.

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign shuijing198799 for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

Welcome @zchuX! It looks like this is your first PR to pingcap/tidb-operator 🎉

[ti-chi-bot]

Hi @zchuX. Thanks for your PR.

I'm waiting for a pingcap member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[pingcap-cla-assistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[liubog2008]

@zchuX please rebase