feat: support sts type in profile provider #642

Closed

Conversation

maros7

@maros7 maros7 commented Aug 8, 2024

Fixes #641.

@CLAassistant

CLAassistant commented Aug 8, 2024

CLA assistant check
All committers have signed the CLA.

@JacksonTian
Contributor

The credentials profile is static, but the STS token is dynamic. It needs to be refreshed automatically before its expiration time. So I think supporting a dynamic STS token in a static configuration file is not a good idea.

@JacksonTian
Contributor

Actually, if we don't consider the temporary token refresh problem, we can pass the STS token via environment variables. It's more lightweight.

@maros7
Author

maros7 commented Aug 9, 2024

So, our use-case is that we use role-based OIDC SSO when doing local development. We use a bespoke tool for that, similar to https://github.com/aliyun/saml2alibabacloud. The tool persists the STS credentials to the ini file. This is less awkward compared to env variables. You do support this in https://github.com/aliyun/credentials-go/blob/master/credentials/profile_provider.go. But that lib is not possible to use with GitHub Actions since the env provider doesn't support any other type but access_key: https://github.com/aliyun/credentials-go/blob/master/credentials/env_provider.go.

Some more background:

  1. We don't want to use static AK credentials from a security perspective.
  2. We want to be able to use the SDK out-of-the-box w/o any need for our own code. Right now we need to do quite a bit of work to support local development (requires our tool to get STS credentials), GitHub Actions using https://github.com/aliyun/configure-aliyun-credentials-action, and when actually running in AliCloud.
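The two comments above frame the real design question behind this PR: an ini profile is static, an STS triple (key id, secret, security token) is not. The following is an added example, not code from this SDK, from credentials-go or from the PR: a minimal profile loader that accepts a `type = sts` profile like the one the SSO tool described above would write, and refuses the token once it is expired or within a refresh margin, so a stale file fails loudly at load time instead of with a 403 at the first API call. The profile keys (`type`, `access_key_id`, `access_key_secret`, `security_token`) mirror the names used in the thread; the `expiration` key in RFC 3339 form is this example's own assumption, and all values in the embedded sample file are constructed placeholders.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Credential is the resolved STS triple plus the instant after which it stops working.
type Credential struct {
	AccessKeyID     string
	AccessKeySecret string
	SecurityToken   string
	Expiration      time.Time
}

// ErrExpired is returned when the persisted token is past its expiration or inside
// the refresh margin. A static file cannot renew it; the SSO tool has to write a new one.
var ErrExpired = errors.New("sts credential expired or inside the refresh margin")

// ParseProfiles parses the INI subset a credentials file uses: "[section]" headers,
// "key = value" pairs and comment lines starting with '#' or ';'.
func ParseProfiles(src string) map[string]map[string]string {
	profiles := map[string]map[string]string{}
	section := ""
	for _, raw := range strings.Split(src, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";") {
			continue
		}
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.TrimSpace(line[1 : len(line)-1])
			if _, ok := profiles[section]; !ok {
				profiles[section] = map[string]string{}
			}
			continue
		}
		key, value, ok := strings.Cut(line, "=")
		if !ok || section == "" {
			continue // malformed line, or a key before any section header: ignore
		}
		profiles[section][strings.TrimSpace(key)] = strings.TrimSpace(value)
	}
	return profiles
}

// CredentialFromProfile resolves a profile of type "sts". The "expiration" key
// (RFC 3339) is this example's assumption, not a documented SDK key; it is what makes
// a dynamic token tolerable in a static file: anything expired, or expiring within
// margin, is rejected here rather than sent to the API.
func CredentialFromProfile(profiles map[string]map[string]string, name string, now time.Time, margin time.Duration) (*Credential, error) {
	p, ok := profiles[name]
	if !ok {
		return nil, fmt.Errorf("profile %q not found", name)
	}
	if p["type"] != "sts" {
		return nil, fmt.Errorf("profile %q has type %q, want sts", name, p["type"])
	}
	for _, k := range []string{"access_key_id", "access_key_secret", "security_token", "expiration"} {
		if p[k] == "" {
			return nil, fmt.Errorf("profile %q: missing %s", name, k)
		}
	}
	exp, err := time.Parse(time.RFC3339, p["expiration"])
	if err != nil {
		return nil, fmt.Errorf("profile %q: bad expiration: %w", name, err)
	}
	if !now.Add(margin).Before(exp) {
		return nil, ErrExpired
	}
	return &Credential{
		AccessKeyID:     p["access_key_id"],
		AccessKeySecret: p["access_key_secret"],
		SecurityToken:   p["security_token"],
		Expiration:      exp,
	}, nil
}

// sampleINI is a constructed credentials file with placeholder values: one profile
// that is still valid and one the SSO tool wrote earlier and never refreshed.
const sampleINI = `
[default]
type = sts
access_key_id = STS.EXAMPLEKEYID
access_key_secret = ExampleSecretNotReal
security_token = ExampleTokenNotReal
expiration = 2099-01-01T00:00:00Z

[stale]
type = sts
access_key_id = STS.STALEKEYID
access_key_secret = StaleSecretNotReal
security_token = StaleTokenNotReal
expiration = 2024-08-09T10:00:00Z
`

func main() {
	profiles := ParseProfiles(sampleINI)
	for _, name := range []string{"default", "stale"} {
		cred, err := CredentialFromProfile(profiles, name, time.Now().UTC(), 5*time.Minute)
		if err != nil {
			fmt.Printf("%s: %v\n", name, err)
			continue
		}
		fmt.Printf("%s: using %s, valid until %s\n", name, cred.AccessKeyID, cred.Expiration.Format(time.RFC3339))
	}
}
```

The margin is the piece a real provider would build on: a chain that gets `ErrExpired` from the profile can fall through to the next provider (environment, OIDC, instance metadata) instead of retrying a dead token, which is the refresh concern raised above expressed as a load-time check.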

@JacksonTian
Contributor

> So, our use-case is that we use role-based OIDC SSO when doing local development. We use a bespoke tool for that, similar to https://github.com/aliyun/saml2alibabacloud. The tool persists the STS credentials to the ini file. This is less awkward compared to env variables. You do support this in https://github.com/aliyun/credentials-go/blob/master/credentials/profile_provider.go. But that lib is not possible to use with GitHub Actions since the env provider doesn't support any other type but access_key: https://github.com/aliyun/credentials-go/blob/master/credentials/env_provider.go.
>
> Some more background:
>
>   1. We don't want to use static AK credentials from a security perspective.
>   2. We want to be able to use the SDK out-of-the-box w/o any need for our own code. Right now we need to do quite a bit of work to support local development (requires our tool to get STS credentials), GitHub Actions using https://github.com/aliyun/configure-aliyun-credentials-action, and when actually running in AliCloud.

I am adding support for the OIDC credentials provider, see #634. Could you wait a moment and use the new credentials provider?

@JacksonTian
Contributor

Hi @maros7 ,

Two things:

  1. You can use the OIDC credentials provider like this:

```go
package main

import (
	"github.com/aliyun/alibaba-cloud-sdk-go/sdk"
	// assumed import path for the provider added in #634; the original snippet showed no imports
	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
)

func main() {
	// read oidc token from env ALIBABA_CLOUD_OIDC_TOKEN_FILE
	// read oidc provider arn from env ALIBABA_CLOUD_OIDC_PROVIDER_ARN
	// read role arn from env ALIBABA_CLOUD_ROLE_ARN
	provider, err := credentials.NewOIDCCredentialsProviderBuilder().Build()
	if err != nil {
		panic(err)
	}
	// client options; the original snippet left config undefined
	config := sdk.NewConfig()
	client, err := sdk.NewClientWithOptions("cn-shanghai", config, provider)
	if err != nil {
		panic(err)
	}
	_ = client
}
```

  2. I added STS support in credentials-go, see "Add support sts in default credentials provider chain" credentials-go#90.

I recommend you to use the credentials-go.

@maros7 maros7 closed this Aug 13, 2024

Successfully merging this pull request may close these issues.

ProfileProvider does not support sts credentials