SPOG replaces per-workspace hostnames with account-level URLs. When
httpPath contains ?o=<workspaceId>, the connector now extracts the
workspace ID and injects x-databricks-org-id as an HTTP header on all
non-OAuth endpoints (SEA, telemetry, feature flags).

Changes:
- Fix warehouse ID regex to stop at query params ([^?&]+ instead of .+)
- Extract ?o= from httpPath once during session init, store as _spog_headers
- Propagate org-id header to telemetry client via extra_headers param
- Propagate org-id header to feature flags client
- Do NOT propagate to OAuth endpoints (they reject it with 400)

Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>

Co-authored-by: Isaac
Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>

Mirrors the JDBC driver's logging pattern. Emits at DEBUG level in three
code paths of _extract_spog_headers:

1. http_path has a query string but no ?o= param — log and skip.
2. x-databricks-org-id already set by the caller (via http_headers) —
   log and skip (don't override explicit user header).
3. Injection happens — log the extracted workspace ID so customers
   diagnosing SPOG routing can confirm the header was added.

Helps with customer support: when a customer reports "SPOG isn't
routing correctly", they can enable DEBUG logging and immediately see
whether the connector saw their ?o= value.

Signed-off-by: Madhavendra Rathore
Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>

This commit lives on the spog-testing-harness branch (NOT part of
spog-fix PR #767). Collects scripts + captured traces produced during
the SPOG auth investigation.

SPOG-specific test programs (examples/):
  - capture_sdk_m2m_token.py   Decode SDK-issued M2M JWT on SPOG + Legacy
                               side-by-side. Shows iss/aud divergence.
  - capture_sdk_m2m_trace.py   Log every HTTP call the SDK makes for M2M,
                               including redacted request bodies + status.
  - verify_spog_thrift_accepts_account_token.py
                               Bypass pysql connector, POST directly to
                               Thrift with the SDK-issued token to isolate
                               server behavior from connector behavior.
  - spog_sdk_m2m_only.py       Minimal SDK-provider M2M test — Stg SPOG
                               + Stg Legacy, prints PASS/FAIL.
  - spog_u2m_one.py            One-host U2M databricks-oauth tester.
  - spog_staging_test.py       Full matrix: PAT + SDK M2M + Azure SP M2M
                               + auto-tenant. Used for the matrix report.
  - spog_full_matrix.py,       Earlier iterations of the matrix script.
    spog_full_test.py,
    spog_peco_test.py,
    spog_test.py,
    spog_all_auth_test.py

Captured logs:
  - u2m_debug_trace.txt
  - u2m_interactive_tests.txt
  - u2m_prod_spog_test.txt

Not included here (excluded deliberately):
  - .secrets, .actrc, act.env  Local config with credentials.
  - .claude/                   Agent session internals.
  - Various issue-729/731 reproduction scripts + markdown analyses —
    unrelated to SPOG; belong on their own preservation branch.
  - Performance benchmark scripts — same, unrelated.

Signed-off-by: Madhavendra Rathore
Signed-off-by: Madhavendra Rathore <madhavendra.rathore@databricks.com>