operator: adds AWS sts support

[JoaoBraveCoding]

What this PR does / why we need it:

Adds support for users to configure the S3 object storage with AWS STS.

Which issue(s) this PR fixes:

• https://issues.redhat.com/browse/LOG-4544

Special notes for your reviewer:

• This PR depends on operator: Add serviceaccount per lokistack resource #11500

To test you need:

• Run the AWS commands as explained in https://github.com/grafana/loki/pull/11060/files#diff-27b5aa2c87cf76afa33759f0ba55f749b2a54e1d4b1b6c7bc69a2cf1cbfc1c24R169-R213;
• Create a secret with role_arn, region, bucketnames and audience;
• Create a LokiStack.

Checklist

• Reviewed the CONTRIBUTING.md guide (required)
• Documentation added
• Tests updated
• CHANGELOG.md updated
  • If the change is worth mentioning in the release notes, add add-to-release-notes label
• Changes that require user attention or interaction to upgrade are documented in docs/sources/setup/upgrade/_index.md
• For Helm chart changes bump the Helm chart version in production/helm/loki/Chart.yaml and update production/helm/loki/CHANGELOG.md and production/helm/loki/README.md. Example PR
• If the change is deprecating or removing a configuration option, update the deprecated-config.yaml and deleted-config.yaml files respectively in the tools/deprecated-config-checker directory. Example PR

[github-actions]

Trivy scan found the following vulnerabilities:

• HIGH, Target: docker.io/grafana/loki:main-24fa648 (alpine 3.18.4), Type: alpine openssl: Incorrect cipher key and IV length processing in libcrypto3 v3.1.3-r0. Fixed in v3.1.4-r0
• HIGH, Target: docker.io/grafana/loki:main-24fa648 (alpine 3.18.4), Type: alpine openssl: Incorrect cipher key and IV length processing in libssl3 v3.1.3-r0. Fixed in v3.1.4-r0
  \nTo see more details on these vulnerabilities, and how/where to fix them, please run docker build -t grafana/loki:main-24fa648 -f cmd/loki/Dockerfile .
  trivy i grafana/loki:main-24fa648 on your branch. If these were not introduced by your PR, please considering fixing them in via a subsequent PR. Thanks!

[periklis]

Looks good to me. Couple of points still missing:

• Introduce the custom serviceaccount per LokiStack. Maybe we should do this as a pre-requisite PR and consider backporting this?
• Should we make the audience field in the service account projection volume configurable for non-OpenShift clusters?

[JoaoBraveCoding]

Should we make the audience field in the service account projection volume configurable for non-OpenShift clusters?

Yes 💯

In regards to the comments on separating functionality into separate smaller functions, I'm always divided by this, simply because usually it implies having in mind more functions might or not be used in a code path. I have an idea to make the switch case more digestible where we land.

[periklis]

Minor improvements, I think we arrived at the finish line.