Allow setting the Glue STS endpoint and region

[alexjo2144]

Description

Add config properties to specify the STS service to use when authenticating to AWS Glue. This is needed for situations like deploying in GovCloud where the global STS endpoint should not be used.

Non-technical explanation

Add options which allow for Glue to be used in situations like GovCloud.

Release notes

( ) This is not user-visible or docs only and no release notes are required.
( ) Release notes are required, please propose a release note for me.
(x) Release notes are required, with the following suggested text:

# Hive
* Allow setting the AWS STS endpoint and region when using a Glue metastore.

# Delta Lake
* Allow setting the AWS STS endpoint and region when using a Glue metastore.

# Iceberg
* Allow setting the AWS STS endpoint and region when using a Glue catalog.

[alexjo2144]

Note for reviewers: withLongLivedCredentialsProvider is deprecated and cannot be used along with withStsClient, that's why this change is here.

[findepi]

Do we need a new setting? why this cannot be based on hive.metastore.glue.region?

[alexjo2144]

It is necessary if we want to support situations like using Minio's STS with AWS Glue.

There's also this: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html

TLDR: By default STS uses the global endpoint which is always available. You can set a region explicitly to reduce latency but STS is not available in all regions. So if we just use the Glue region but you're deployed in one of those places, for example eu-south-1, you need to use either the global endpoint or a diferent region with STS available.

I believe this means we need the setting.

[findepi]

Test PR with secrets: #14444
(@nineinchnick's #12817 will make these PRs easier)

[findepi]

ci / build-pt (pull_request) failed (#14453)
tests need to be re-run