Skip OWASP dependency check in release build step (#1286)

## Summary
- Skip OWASP dependency check in the "Build dependencies" step of
`release.yml` and `release-thin.yml` by adding
`-Ddependency-check.skip=true`
- The deploy step already runs the OWASP check with the NVD API key —
running it in the build step was redundant and caused the v3.3.1 release
to fail (downloaded 338K NVD records without an API key, then hit a
false positive on CVE-2026-25087)

## Test plan
- [ ] After merging, delete the v3.3.1 release and tag, then re-create
from GitHub UI to re-trigger the release workflow
- [ ] Verify the release workflow completes successfully

NO_CHANGELOG=true

OVERRIDE_FREEZE=true

This pull request was AI-assisted by Isaac.

Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>

Author: msrathore-db

.github/workflows/release-thin.yml

@@ -50,7 +50,8 @@ jobs:
       # GPG signing is skipped since we're only installing locally, not publishing.
       - name: Build dependencies
         run: |
-          mvn -Prelease clean install --batch-mode -pl jdbc-core -am -Dgpg.skip=true
+          mvn -Prelease clean install --batch-mode -pl jdbc-core -am -Dgpg.skip=true \
+            -Ddependency-check.skip=true
 
       # Step 2: Deploy only the thin JAR module to Maven Central
       # We don't use -am here to avoid the central-publishing-maven-plugin

.github/workflows/release.yml

@@ -35,7 +35,8 @@ jobs:
       # GPG signing is skipped since we're only installing locally, not publishing.
       - name: Build dependencies
         run: |
-          mvn -Prelease clean install --batch-mode -pl jdbc-core -am -Dgpg.skip=true
+          mvn -Prelease clean install --batch-mode -pl jdbc-core -am -Dgpg.skip=true \
+            -Ddependency-check.skip=true
 
       # Step 2: Deploy only the uber JAR module to Maven Central
       # We don't use -am here to avoid the central-publishing-maven-plugin