Fix Vault namespace handling for AppRole authentication

[SavinduDimal]

Purpose

• $Subject
• This change applies the configured HashiCorp Vault namespace to the VaultConfig used for both secret reads and AppRole login. This ensures AppRole authentication targets the configured non-root namespace instead of the root namespace.
• It also normalizes the namespace value before use, skips namespace configuration when it is not provided.
• Related Issues: HashiCorp Vault AppRole authentication fails when Vault namespace is configured wso2/api-manager#4969

[Copilot]

Pull request overview

This PR ensures the configured HashiCorp Vault namespace is applied consistently to both secret reads and AppRole authentication, so AppRole login targets the intended non-root namespace.

Changes:

• Apply the configured namespace at the VaultConfig level for secret reads.
• Apply the configured namespace at the VaultConfig level for AppRole login.
• Normalize (trim) the namespace and skip namespace configuration when not provided.

Comments suppressed due to low confidence (1)

src/main/java/org/wso2/carbon/securevault/hashicorp/repository/HashiCorpSecretRepository.java:204

• The exception message in this secret-read path says "Error retrieving service token using AppRole", which is misleading when logical.read(path) fails. Please update it to describe the actual operation (reading a secret) and ideally include the relevant path/alias for easier troubleshooting.

        } catch (VaultException e) {
            throw new HashiCorpVaultException("Error retrieving service token using AppRole", e);
        }

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.