Add EC2 IMDS credential provider for S3Client

Add ImdsCredentialProvider that fetches and caches temporary AWS
credentials from the EC2 Instance Metadata Service (IMDSv2), enabling
S3Client to work on EC2 instances without static credentials.

- New ImdsCredentialProvider class (RefCounted) with RwLock-based
  double-checked caching and 5-minute pre-expiration refresh
- S3ClientOptions gains optional CredentialProvider field; when set,
  SignRequest/GeneratePresignedUrl use dynamic credentials and
  invalidate the signing key cache on access key rotation
- Move CloudProvider enum and MockImdsService from zencompute to
  zenutil for reuse; extend mock with IAM credential endpoints
- Add --imds flag to zens3-testbed for EC2 credential testing
- Integration tests using mock IMDS server verify fetch, caching,
  invalidation, and unreachable endpoint graceful failure

0 files changed, 0 insertions, 0 deletions