This will allow the user to specify the server's certificate chain (the
public CA certs) or the server's private key if it's a self-signed cert
with no CA.

Resolves #3877

[ci mongo]

Adding SSH key support

Adding ssh key support (with passphrases)

The JSch library does not support ED25519 keys, that are the default as
of OpenSSH 7.8, but the Apache Mina SSHD library does.

Adds a end-to-end test of ssh port forwarding via a simple echo server.

[ci drivers]

Co-authored-by: Franklin Strube <thedoc8786@gmail.com>
Co-authored-by: hbc <bcxxxxxx@gmail.com>
Co-authored-by: Daniel Higginbotham <daniel@flyingmachinestudios.com>
Co-authored-by: Paul Rosenzweig <paul.a.rosenzweig@gmail.com>
Co-authored-by: Kyle Doherty <kyle.l.doherty@gmail.com>

Adds a `include_hidden_fields` parameter to `/table/:id/query_metadata`
endpoint, so that you can choose if you want to include hidden fields in
the response.

Adds the ability to use a service account JSON key file for talking to
Google BigQuery

Resolves #4634

[ci bigquery]

Co-authored-by: Paul Rosenzweig <paul.a.rosenzweig@gmail.com>

* Druid: don't make timestamps PKs [ci drivers]

* Fix tests [ci drivers]

* [ci drivers]

MBQL (Redshift, Vertica, Oracle): make `concat` work with any number of args

* Change font registration to run on first Pulse PNG render rather than at launch.
    * This will improve startup times slightly . 
    * This was causing DockerHub builds for `metabase-head` to fail 
because the stage 1 "builder" image did not have `ttf-dejavu` and `fontconfig` installed (the builder was running in to #12223).
     * This will resolve issues discussed in #12223 where Metabase fails to launch when running on a "headless" JVM Docker image (i.e., one without AWT libraries) or when we run into the infamous font issues. We still won't be able to render Pulses, but Metabase without Pulses is slightly preferable to no Metabase at all
*  Improved error messages & logging when Pulse rendering fails. Unfortunately, if the AWT classes are unavailable/broken in the JVM there is no way we can render Pulses given our current reliance on it. The best we can do is explain the situation and point people in the right direction. The new error message explains the situation and points people to #7986 for more details and workarounds.  As such, I am going to close #7986 because we cannot fix the underlying issue itself so the best we do is handle it better.
*  Refactor tests in `metabase.api.pulse-test`
*  Add tests for `GET /api/pulse/preview_card/:id`
*  Include entire Exception chain in 500 responses
*  Fix font registration logic not cleaning up `InputStream`s when done with them, wasting memory
*  Minor Dockerfile tweaks

Newer versions of Bouncy Castle fix the illegal reflective access
warning under newer JVMs

* Fix #12501

* Make sure Query results_metadata comes back with inferred base type from annotate

* Support filtering against questions that use another question as their source [ci drivers]

* Test fixes 

* Lint fix [ci drivers]

* Clean up metabase.query-processor.parameters.mbql-test

* Tweak codecov requirements [ci drivers]

Newly added metadata in the query remark was blowing up for parameter
queries other than dimension / field-id queries.

[ci redshift]

Adds a boolean setting to force redirects to HTTPS (defaults to false)

If redirect-all-requests-to-https is true, and site-url is an https URL,
redirect the user to the https version of the page.

Resolves #4871

Merge release-0.35.x to master

* Allow users to run ad-hoc query starting with Card if they have perms for it

* Convert metabase.query-processor.middleware.fetch-source-query-test to modern style

* When resolving source query from card_id, use Card ID for perms

* Add test to make sure we don't overwrite existing card-id

* Add missing require

* Test fix 

* Sort namespaces

* Tweak codecov.yaml

* Fix parsing commit messages in CI

* Looks like CI works

* Add codecov.yml

* Session expiration dox [ci skip]

* Update example using Java system property [ci skip]

* Style tweak [ci skip]

* Fix typo [ci skip]

* enable parallel cypress

* add grouping, different approach to parallelism

Co-authored-by: Morgan Hankins <morganhankins@gmail.com>
Co-authored-by: Tom Robinson <tlrobinson@gmail.com>