
native interface abstractions #20926

Merged
bharath-techie merged 1 commit into opensearch-project:feature/datafusion from bharath-techie:originos-search-integration
Mar 19, 2026
@bharath-techie
Contributor

Description

[Describe what this change achieves]

Related Issues

Resolves #[Issue number to be closed when this PR is merged]

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Signed-off-by: bharath-techie <bharath78910@gmail.com>
@bharath-techie bharath-techie merged commit 6dfe93d into opensearch-project:feature/datafusion Mar 19, 2026
26 of 49 checks passed
@github-actions
Contributor

PR Code Analyzer ❗

AI-powered 'Code-Diff-Analyzer' found issues on commit d1ac9e8.

| Path | Line | Severity | Description |
|------|------|----------|-------------|
| plugins/engine-datafusion/src/main/java/org/opensearch/datafusion/DataFusionPlugin.java | 255 | medium | The ParentAware interface combined with loadExtensions() allows any loaded child plugin to receive the DataFusionPlugin instance and call getDataFusionService().getRuntimePointer(), obtaining a raw native memory pointer. A malicious child backend registered via SPI could use this pointer for arbitrary JNI operations outside intended boundaries. |
| sandbox/qa/analytics-engine-rest/src/test/java/org/opensearch/analytics/qa/ClickBenchRestIT.java | 149 | medium | Schema prefix 'opensearch.' is silently stripped from all PPL queries (replaced with bare table name), removing schema-level namespace qualification. If the 'opensearch' schema prefix enforces access control or tenant isolation boundaries, removing it could allow queries to access tables outside the intended namespace without triggering schema-level authorization checks. |
| plugins/engine-datafusion/src/main/java/org/opensearch/datafusion/DataFusionPlugin.java | 77 | low | getDataFusionService() is newly exposed as a public method, making the internal DataFusionService (and its native runtime pointer) accessible to any code with a reference to the plugin instance. This broadens the attack surface for any code path that can obtain the plugin object. |
| sandbox/plugins/analytics-backend-datafusion/build.gradle | 26 | low | testingConventions.enabled = false disables OpenSearch testing conventions enforcement for this plugin. Combined with the reduction of ClickBench test coverage from 43 to 6 queries (with a TODO comment), security-relevant test assertions may be silently skipped, reducing confidence that the JNI/native bridge behaves safely. |

The table above displays the top 10 most important findings.

Total: 4 | Critical: 0 | High: 0 | Medium: 2 | Low: 2


Pull Requests Author(s): Please update your Pull Request according to the report above.

Repository Maintainer(s): You can bypass diff analyzer by adding label skip-diff-analyzer after reviewing the changes carefully, then re-run failed actions. To re-enable the analyzer, remove the label, then re-run all actions.


⚠️ Note: The Code-Diff-Analyzer helps protect against potentially harmful code patterns. Please ensure you have thoroughly reviewed the changes beforehand.

Thanks.
