* feat(bedrock-mantle): add IAM credential auth via @aws/bedrock-token-generator
Mantle previously required a manually-created API key (AWS_BEARER_TOKEN_BEDROCK).
This adds automatic bearer token generation from IAM credentials using the
official @aws/bedrock-token-generator package.
Auth priority:
1. Explicit AWS_BEARER_TOKEN_BEDROCK env var (manual API key from Console)
2. IAM credentials via getTokenProvider() → Bearer token (instance roles,
SSO profiles, access keys, EKS IRSA, ECS task roles)
Token is cached in memory (1hr TTL, generated with 2hr validity) and in
process.env.AWS_BEARER_TOKEN_BEDROCK for downstream sync reads.
Falls back gracefully when package is not installed or credentials are
unavailable — Mantle provider simply not registered.
Closes#45152
* fix(bedrock-mantle): harden IAM auth
---------
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
