feat(connector): add session token for s3 connector

[wcy-fdu]

I hereby agree to the terms of the RisingWave Labs, Inc. Contributor License Agreement.

What's changed and what's your intention?

Previously, when using the S3 connector, users were required to configure ak sk, which was fixed. This pr adds the session token field to support temporary ak sk created by users. Both s3 source and s3 sink is added.

Checklist

• [ ] I have written necessary rustdoc comments
• [ ] I have added necessary unit tests and integration tests
• [ ] I have added test labels as necessary. See details.
• [ ] I have added fuzzing tests or opened an issue to track them. (Optional, recommended for new SQL features #7934).
• [ ] My PR contains breaking changes. (If it deprecates some features, please create a tracking issue to remove them in the future).
• [ ] All checks passed in ./risedev check (or alias, ./risedev c)
• [ ] My PR changes performance-critical code. (Please run macro/micro-benchmarks and show the results.)
• [ ] My PR contains critical fixes that are necessary to be merged into the latest release. (Please check out the details)

Documentation

• [ ] My PR needs documentation updates. (Please use the Release note section below to summarize the impact on users)

Release note

If this PR includes changes that directly affect users or other significant modifications relevant to the community, kindly draft a release note to provide a concise summary of these changes. Please prioritize highlighting the impact these changes will have on users.

[wcy-fdu]

Will test locally and then request review.

[wcy-fdu]

Think twice, we should allow setting session_token only for batch query, as it's a bit dangerous if streaming file source using a secret key that may have expired, causing some unpredictable errors.

However, we cannot know when creating a source whether it will be used for batch or streaming:

• if creating materialized view from source, it's long running streaming source
• if only run select from such source, it's batch query

In other words, if the source needs to support session tokens, it cannot be disabled for the streaming source when creating it.

Thus, I suggest when creating a source, only fixed keys that do not expire are allowed.

We can add session_token for tvf file_scan() if needed.