As a LokiStack administrator I want to off-load STS configuration to the CloudCredentialOperator when running on a cluster that supports this operator so that I do not need to manually manage STS credentials configuration on AWS and in turn a custom LokiStack S3 object storage secret.

Acceptance Criteria

• The Loki Operator offloads all STS credential generation work to the CloudCredentialOperator on OpenShift platforms with this operator available.
• The LokiStack administrator is required to provide only a very minimum S3 object storage config secret, i.e. bucketnames, region.
• The Loki Operator needs to declare in the ClusterServiceVersion provided for OpenShift the following annotation: features.operators.openshift.io/token-auth-aws

Developer Notes.

1. Consider reading and understanding the recommended approach from this documentation: https://docs.google.com/document/d/1iFNpyycby_rOY1wUew-yl3uPWlE00krTgr9XHDZOTNo/edit
2. The Loki Operator needs to check (periodically) if the present APIServer supports the custom resource CredentialsRequest from cloudcredential.openshift.io/v1.
3. For tenant modes openshift-logging and openshift-network the operator will create a CredentialsRequest:
   1. In the CloudCredentialOperator namespace.
   2. Provide a list of required S3 rights as listed here https://grafana.com/docs/loki/v2.9.x/storage/#aws-deployment-s3-single-store
   3. Reference a secret in the openshift-logging/netobserv namespace for the CloudCredentialOperator.
4. Upon the CloudCredentialOperator providind the secret (that includes the role_arn and web_identity_token_file) the Loki Operator resumes operations as in LOG-4544 to connect configure Loki's s3 config for STS.