java_cert: fix PKCS12 password not passed to keytool -list (#12151)

* fix(java_cert): remove -noprompt from keytool -list to allow stdin password

-noprompt is not a valid option for keytool -list (only for importkeystore/
importcert). On Java 8, passing it caused keytool to skip reading the store
password from stdin, resulting in a null password and NullPointerException.

Fixes #3023

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test(java_cert): add idempotency test for pkcs12 import with password

Exercises _export_public_cert_from_pkcs12 when the alias already exists,
verifying the password is correctly read from stdin on the comparison path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* changelog: add fragment for PR 12151

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

plugins/modules/java_cert.py

@@ -279,7 +279,7 @@ def _get_digest_from_x509_file(module, pem_certificate_file, openssl_bin):
 
 def _export_public_cert_from_pkcs12(module, executable, pkcs_file, alias, password, dest):
     """Runs keytools to extract the public cert from a PKCS12 archive and write it to a file."""
-    export_cmd = [executable, "-list", "-noprompt", "-keystore", pkcs_file, "-storetype", "pkcs12", "-rfc"]
+    export_cmd = [executable, "-list", "-keystore", pkcs_file, "-storetype", "pkcs12", "-rfc"]
     # Append optional alias
     if alias:
         export_cmd.extend(["-alias", alias])