Support `s3://`, `ssm://`, and `secretsmanager://` protocols in `apiclient apply`

[cbgbt]

What I'd like: You can use apiclient apply to apply settings from TOML/JSON files at a given URI or from stdin. It would be useful to support common AWS service resources via the URI protocol, e.g.:

• s3://$BUCKET/$KEY is a common URI format for fetching artifacts from S3
• ssm:// could be used to fetch value documents from AWS SSM parameter store.
• secretsmanager:// could be used to fetch value dcuments from AWS Secrets Manager.

We should probably also add a flag to apiclient apply to treat the content that it resolves as an individual value for a given key, rather than a settings document -- this would be useful when e.g. you just have a credential stored as a string in one of these services, and don't want to convert that to a document stored in that service.

Any alternatives you've considered: When I had originally considered this, I wondered if we should add SSM parameter resolution to apiclient set to more easily use it for individual settings values.

I considered this because I wasn't aware of apiclient apply's existing ability to fetch data from a URI -- apiclient apply seems like the right place for this.