Add more Hashicorp Vault secrets store auth methods

[stefannica]

Describe changes

We currently only support the token authentication method for the Hashicorp Vault secrets store. This authentication method is unusable in production because tokens are usually set to expire after a short time and managing their rotation is painful.

This PR adds a few more authentication method options and also implements automatic token refresh / re-login upon expiration:

• App Role authentication - authentication using a Vault App Role (app role ID and secret ID)
• AWS authentication - implicit authentication using an AWS IAM role (to be used for ZenML Pro workspaces)

Implements: #4092

Pre-requisites

Please ensure you have done the following:

• I have read the CONTRIBUTING.md document.
• I have added tests to cover my changes.
• I have based my new branch on develop and the open PR is targeting develop. If your branch wasn't based on develop read Contribution guide on rebasing branch to develop.
• IMPORTANT: I made sure that my changes are reflected properly in the following resources:
  • ZenML Docs
  • Dashboard: Needs to be communicated to the frontend team.
  • Templates: Might need adjustments (that are not reflected in the template tests) in case of non-breaking changes and deprecations.
  • Projects: Depending on the version dependencies, different projects might get affected.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Other (add details above)

[github-actions]

✅ No broken links found!

[github-actions]

Documentation Link Check Results

❌ Absolute links check failed
There are broken absolute links in the documentation. See workflow logs for details
✅ Relative links check passed
_{Last checked: 2025-10-30 08:30:25 UTC}