refactor(services/gcs): migrate to reqsign v2

[Xuanwo]

Which issue does this PR close?

Part of #6553.

Rationale for this change

GCS service was still using reqsign v1 APIs (GoogleCredentialLoader / GoogleTokenLoader / GoogleSigner) while other services are being migrated to reqsign v2.

This PR migrates GCS to reqsign v2 with Signer<Credential> and keeps existing behavior for credential priority, anonymous mode, and service-account selection for VM metadata.

What changes are included in this PR?

• Migrate services/gcs dependencies from reqsign v1 to reqsign v2 crates:
  • reqsign-core
  • reqsign-google
  • reqsign-file-read-tokio
  • reqsign-http-send-reqwest
• Replace old loader/signer wiring with Context + ProvideCredentialChain<Credential> + Signer<Credential>.
• Migrate signing flow from mutable in-place signing to owned request flow (Request -> Request) for both normal sign and presign query sign.
• Keep allow_anonymous behavior by allowing CredentialInvalid from reqsign and continuing unsigned.
• Keep GCS service_account behavior for VM metadata by adding an internal credential provider that requests token from:
  • /computeMetadata/v1/instance/service-accounts/<service_account>/token
• Add builder extension points for custom credential providers:
  • credential_provider(...)
  • credential_provider_chain(...)
• Update GCS docs to reflect provider-chain based customization.

Also opened upstream reqsign issue for a built-in static access token provider:

• reqsign-google: add built-in provider for static OAuth access token opendal-reqsign#694

Are there any user-facing changes?

Yes.

• GcsBuilder::customized_token_loader(...) is replaced by provider-chain based APIs:
  • GcsBuilder::credential_provider(...)
  • GcsBuilder::credential_provider_chain(...)

Configuration keys and existing auth precedence are preserved.

AI Usage Statement

This PR was implemented with Codex (GPT-5) for code migration, refactoring, and validation command preparation.