Distributed Tracing / TRACING-5948

Force HTTPS for object storage when using AWS token-based authentication.


    • Bug
    • Resolution: Unresolved
    • Tempo
    • Quality / Stability / Reliability

      Description:

      Update the object storage configuration logic to always use HTTPS (insecure: false) when AWS token-based authentication is enabled, regardless of whether custom TLS certificates are provided.

      Background:

      Cloud provider federated authentication mechanisms for AWS require HTTPS connections to function. Currently, the operator sets `insecure: true` (HTTP) for S3 storage when `storage.tls.enabled` is not explicitly set, which breaks token-based authentication.

      The code conflates two separate concepts:

      1. Custom TLS certificates (optional, for non-standard CAs)

      2. HTTP vs HTTPS protocol (HTTPS mandatory for token auth)

      Acceptance Criteria

      • [ ] S3 storage uses HTTPS (`insecure: false`) when `credentialMode` is `token` or `token-cco`
      • [ ] Static credential mode behavior unchanged (respects `storage.tls.enabled` setting)
      • [ ] Unit tests added/updated to verify the logic
      • [ ] E2E tests pass without requiring `storage.tls.enabled: true` workaround
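
The decision the acceptance criteria describe, as an added Go example (not the operator's own code). The type, field and function names and the `static` mode string are assumptions; the `token` and `token-cco` strings come from the ticket.

```go
package main

import "fmt"

// Hypothetical names; only the "token" and "token-cco" values are from the ticket.
type CredentialMode string

const (
	ModeStatic   CredentialMode = "static" // assumed name for static credentials
	ModeToken    CredentialMode = "token"
	ModeTokenCCO CredentialMode = "token-cco"
)

// S3Storage is a hypothetical, reduced view of the storage settings.
type S3Storage struct {
	CredentialMode CredentialMode
	TLSEnabled     bool   // storage.tls.enabled
	CAName         string // optional custom CA bundle; empty means system trust store
}

// insecureBefore reproduces the behaviour the ticket reports: the protocol
// is derived only from storage.tls.enabled, so token auth can end up on HTTP.
func insecureBefore(s S3Storage) bool {
	return !s.TLSEnabled
}

// insecureAfter decides the protocol on its own: token modes always get
// HTTPS (insecure: false); static mode keeps respecting storage.tls.enabled.
func insecureAfter(s S3Storage) bool {
	switch s.CredentialMode {
	case ModeToken, ModeTokenCCO:
		return false
	default:
		return !s.TLSEnabled
	}
}

// useCustomCA is a trust-store choice, evaluated independently of the protocol.
func useCustomCA(s S3Storage) bool {
	return s.CAName != ""
}

func main() {
	for _, s := range []S3Storage{ // constructed sample configurations
		{ModeStatic, false, ""}, {ModeStatic, true, "ca"}, {ModeToken, false, ""}, {ModeTokenCCO, true, "ca"},
	} {
		fmt.Printf("%-9s tls.enabled=%-5t before=%-5t after=%-5t customCA=%t\n", s.CredentialMode, s.TLSEnabled, insecureBefore(s), insecureAfter(s), useCustomCA(s))
	}
}
```

A unit test for the third acceptance criterion can iterate the same four combinations and check that only the two token rows with `storage.tls.enabled` unset change between the two functions.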

       

              Unassigned
              rhn-support-ikanse Ishwar Kanse