feat(providers): add managed S3 backend protocol + minIO support

[bherila]

Motivation

• Add a reviewable managed S3 backend protocol without mixing it into the MariaDB service PR.
• Keep rustfs as the default managed object-storage backend while allowing S3-compatible backend selectors for garage and minio.
• Avoid compiling AGPL storage-engine code into the Temps binary while still giving Temps a stable lifecycle contract for provisioning, credentials, health, backup/restore, and migration hooks.

Description

• Adds crates/temps-providers/src/externalsvc/managed_s3.rs with ManagedS3BackendKind, ManagedS3BackendSelection, request/response DTOs, and the ManagedS3Backend trait.
• Exports the managed-S3 protocol through temps-providers.
• Adds a read-only backend selector to managed s3 parameters with out-of-box choices rustfs (default), garage, and minio.
• Provisions s3 services with backend=minio through the existing MinIO-compatible service implementation while keeping the stored service type as s3.
• Rejects malformed backend values and rejects garage at service creation until out-of-process provider dispatch is wired, avoiding silently provisioning RustFS under a Garage label.
• Keeps absent/null backend values defaulting to rustfs, while rejecting present-but-non-string backend values instead of silently treating malformed input as the default.
• Updates managed-service docs to describe object storage as S3-compatible rather than MinIO-specific.

Stack hygiene

• This branch is based directly on main and is independent of the existing MariaDB PR (Add opt-in MariaDB-compatible services #138).
• A separate integration branch in the fork combines MariaDB, flat public hostnames, managed S3, and other downstream release features only for Amazon Linux release builds.

Testing

• cargo fmt --check
• cargo test --lib -p temps-providers managed_s3
• cargo check --lib -p temps-providers

Validated on tempsdev1 (Amazon Linux 2023, cargo 1.95.0).

[bherila]

Follow-up fix — reject managed Garage backend until provider dispatch exists

dba375a0 mirrors a fix applied to the same code on the downstream fork: an S3/Blob service created with backend: "garage" (plus a provider_socket) passed validate_for_service_create but was still provisioned as RustFS, since create_service_instance maps both S3 and Blob to RustfsService and nothing dispatches to the out-of-process provider. That silently misrepresents what was provisioned. Garage is now rejected at creation time until the dispatch path is wired up; the provider_socket field stays as part of the contract.

Test results

Ran on a self-hosted runner (cargo 1.95.0, Amazon Linux 2023) against dba375a0:

$ cargo test --lib -p temps-providers managed_s3

running 6 tests
test externalsvc::managed_s3::tests::garage_without_socket_is_also_rejected ... ok
test externalsvc::managed_s3::tests::default_backend_is_rustfs ... ok
test externalsvc::managed_s3::tests::non_string_backend_is_rejected ... ok
test externalsvc::managed_s3::tests::garage_is_rejected_until_provider_dispatch_exists ... ok
test externalsvc::managed_s3::tests::null_backend_falls_back_to_default ... ok
test externalsvc::managed_s3::tests::parses_garage_backend_and_buckets ... ok

test result: ok. 6 passed; 0 failed; 0 ignored; 0 measured; 234 filtered out; finished in 0.00s

[dviejokfs]

Thanks for the PR! MinIO also needs to be supported even though is deprecated, could you add it?

[bherila]

Yeah I can add MinIO. Separate PR for that or want it in here?

[bherila]

MinIO added here