refactor(services/cos): migrate to reqsign v2

[Xuanwo]

Which issue does this PR close?

Part of #6553.

Rationale for this change

services/cos was still using the old monolithic reqsign APIs (TencentCosCredentialLoader and TencentCosSigner).
This PR migrates COS to reqsign v2 (reqsign-core + reqsign-tencent-cos) and aligns signing with the unified Signer<Credential> model.

What changes are included in this PR?

• Dependency migration in services/cos:
  • remove old reqsign
  • add reqsign-core, reqsign-tencent-cos, reqsign-file-read-tokio, reqsign-http-send-reqwest
• Backend credential wiring migration:
  • build reqsign_core::Context with tokio file reader and reqwest HTTP sender
  • replace old loader/signer setup with reqsign_tencent_cos::DefaultCredentialProvider + reqsign_core::Signer
  • keep explicit secret_id/secret_key as StaticCredentialProvider with highest priority (push_front)
  • preserve disable_config_load behavior by disabling default env/assume-role providers when enabled
• Core signing migration:
  • replace TencentCosCredentialLoader + TencentCosSigner with Signer<reqsign_tencent_cos::Credential>
  • convert signing APIs from in-place &mut Request to owned Request -> Request
  • update all signing call sites accordingly
• Writer migration:
  • update writer code paths to use the new owned signing flow

Are there any user-facing changes?

No user-facing API changes are intended.

AI Usage Statement

This PR was implemented with assistance from Codex (GPT-5) in the local development workflow.