Support for passing an OSS STS security token through storage_options #5660
Description
when using Lance with Aliyun OSS or other lake‑based storage systems. previous versions only extracted access_key_id and access_key_secret, so the security token was not recognized.
While environment variables can technically be used, they are not suitable in multi‑tenant scenarios due to process‑level leakage risks and the inability to safely refresh credentials at runtime. Passing credentials through storage_options remains the correct and secure approach.
I made a PR #5632 for this, if any reviewer is instead in it, please help review. Thanks. We depends on this feature for our production.