Add support for secrets

[samansmink]

This PR adds support for a new concept in duckdb: secrets (duckdb/duckdb#10042)

To summarize, secrets are, in the most generic sense, scoped sets of configuration that provide the necessary information to do something. In most cases this "something" will be an authorized request to some API.

For the Azure extension this means the what was previously configured through duckdb settings, will now be done through secrets.

Added secret providers

This PR adds the azure secret type with 2 secret providers: config and credential_chain

Config provider

the config provider is the default provider for azure secrets. It can be used in two ways:

Firstly it can be used to specify an account name for public accessible azure storage urls:

CREATE SECRET (
    TYPE AZURE,
    ACCOUNT_NAME 'duckdbtesting'
)

FROM 'az://some-public/stuff.parquet'

Secondly, it can be used with the CONNECTION_STRING param to query from authenticated places:

CREATE SECRET s1 (
    TYPE AZURE,
    CONNECTION_STRING '${AZURE_STORAGE_CONNECTION_STRING}'
)

FROM 'az://some-private/stuff.parquet'

credential_chain provider

The credential_chain azure secret provider can be used similar to what is being added in the aws extension now as well duckdb/duckdb_aws#23. Basically it allows to either just use the default Azure SDK credential chain, or specify a custom chain.

To create a secret that uses the default credential chain:

CREATE SECRET (
    TYPE AZURE,
    PROVIDER CREDENTIAL_CHAIN,
    ACCOUNT_NAME 'some-account'
)

FROM 'az://some-private/stuff.parquet'

Or to specify to only use the CLI and env providers, in that order:

CREATE SECRET (
    TYPE AZURE,
    PROVIDER CREDENTIAL_CHAIN,
    CHAIN 'cli;env',
    ACCOUNT_NAME 'some-account'
)

FROM 'az://some-private/stuff.parquet'

Note: CI is still a bit of a work in progress here, some things are testable only manually ATM, I leave that to future work

[Mytherin]

Thanks!