
fix(aws service): Propagate FIPS endpoint setting to STS AssumeRole clients#25232

Open
hligit wants to merge 1 commit into vectordotdev:master from atlassian-forks:fix-aws-fips-endpoints

Conversation

@hligit
Contributor

@hligit hligit commented Apr 21, 2026

Summary

When AWS_USE_FIPS_ENDPOINT=true is set (or use_fips_endpoint=true in an AWS config/profile file), Vector applies FIPS endpoints to the primary service client (e.g., S3, Kinesis) but does not propagate the setting to the STS client used for AssumeRole credential operations. This causes STS calls to go to sts.<region>.amazonaws.com instead of sts-fips.<region>.amazonaws.com, breaking environments that require all AWS traffic to use FIPS-validated endpoints.

Also bumps aws-config from 1.8.13 to 1.8.16. This version bump is required for the fix: ProviderConfig::with_use_fips() was pub(crate) in 1.8.13 and was made pub in 1.8.16 via smithy-rs#4551, which is precisely what allows external consumers (like Vector) to propagate the FIPS setting to credential providers.

Vector configuration

sinks:
  kinesis:
    type: aws_kinesis_streams
    inputs: ["dummy"]
    stream_name: "my-stream"
    region: "us-east-1"
    auth:
      assume_role: "arn:aws:iam::123456789012:role/MyRole"

Run with: AWS_USE_FIPS_ENDPOINT=true vector --config vector.yaml

How did you test this PR?

  • Built Vector and ran it under strace -f -e trace=network with AWS_USE_FIPS_ENDPOINT=true, verifying that STS DNS lookups resolve sts-fips.us-east-1.amazonaws.com instead of sts.us-east-1.amazonaws.com.
  • Repeated with AWS_USE_FIPS_ENDPOINT=false as a control, confirming regular STS endpoints are used.

Change Type

  • Bug fix
  • New feature
  • Dependencies
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the no-changelog label to this PR.

References

Closes #18382

Notes

  • Please read our Vector contributor resources.
  • Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
  • Some CI checks run only after we manually approve them.
    • We recommend adding a pre-push hook, please see this template.
    • Alternatively, we recommend running the following locally before pushing to the remote branch:
      • make fmt
      • make check-clippy (if there are failures it's possible some of them can be fixed with make clippy-fix)
      • make test
  • After a review is requested, please avoid force pushes to help us review incrementally.
    • Feel free to push as many commits as you want. They will be squashed into one before merging.
    • For example, you can run git merge origin master and git push.
  • If this PR introduces changes to Vector dependencies (modifies Cargo.lock), please
    run make build-licenses to regenerate the license inventory and commit the changes (if any). More details on the dd-rust-license-tool.
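The summary above describes the FIPS setting being resolved from AWS_USE_FIPS_ENDPOINT or the profile's use_fips_endpoint key, and the test section verifies it by watching which STS hostname is contacted. The following Python is an added example, not Vector's code or part of this PR: it resolves the setting with the SDK's usual precedence (environment variable over profile file), computes the STS hostname that should be used, and audits a set of observed hostnames for AssumeRole calls that went to the wrong endpoint family. The log lines, profile file and the kinesis-fips hostname are constructed sample data, and the line format is assumed to be whatever hostname capture the operator already has (DNS, proxy or connection log).

```python
"""
Added example (not Vector's code): check that a Vector run honoured the AWS
FIPS endpoint setting for STS. Resolves use_fips as the PR summary describes
(AWS_USE_FIPS_ENDPOINT env var, else use_fips_endpoint in the profile), then
audits observed hostnames for STS calls that went to the non-FIPS endpoint.
"""
import configparser
import re
from typing import Iterable, List, Mapping

# Matches sts.<region>.amazonaws.com and sts-fips.<region>.amazonaws.com
STS_HOST_RE = re.compile(r"\b(sts(?:-fips)?)\.([a-z0-9-]+)\.amazonaws\.com\b")


def fips_required(env: Mapping[str, str], aws_config_text: str, profile: str = "default") -> bool:
    """Resolve the FIPS setting: the environment variable, when present, takes
    precedence over the profile file (the AWS SDK config resolution order)."""
    env_value = env.get("AWS_USE_FIPS_ENDPOINT")
    if env_value is not None:
        return env_value.strip().lower() == "true"
    parser = configparser.ConfigParser()
    parser.read_string(aws_config_text)
    # The AWS config file names non-default profiles as "[profile <name>]".
    section = "default" if profile == "default" else f"profile {profile}"
    if parser.has_section(section):
        return parser.get(section, "use_fips_endpoint", fallback="false").strip().lower() == "true"
    return False


def expected_sts_host(region: str, use_fips: bool) -> str:
    """STS hostname the AssumeRole client should contact in the given region."""
    return f"sts-fips.{region}.amazonaws.com" if use_fips else f"sts.{region}.amazonaws.com"


def audit_sts_hosts(log_lines: Iterable[str], use_fips: bool) -> List[str]:
    """Return the STS hostnames in the log that do not match the FIPS setting.
    An empty list means every STS call used the expected endpoint family."""
    violations = []
    for line in log_lines:
        for match in STS_HOST_RE.finditer(line):
            went_fips = match.group(1) == "sts-fips"
            if went_fips != use_fips:
                violations.append(match.group(0))
    return violations


# Constructed sample hostnames (not real capture data). The first set models
# the behaviour the PR fixes: the Kinesis client already used the FIPS
# endpoint while AssumeRole still went to the regular STS endpoint.
BEFORE_FIX_LOG = [
    "resolve kinesis-fips.us-east-1.amazonaws.com",
    "resolve sts.us-east-1.amazonaws.com",
]
AFTER_FIX_LOG = [
    "resolve kinesis-fips.us-east-1.amazonaws.com",
    "resolve sts-fips.us-east-1.amazonaws.com",
]

# Constructed profile file: only the "fips" profile opts in.
CONSTRUCTED_AWS_CONFIG = """
[default]
region = us-east-1

[profile fips]
region = us-east-1
use_fips_endpoint = true
"""

if __name__ == "__main__":
    use_fips = fips_required({"AWS_USE_FIPS_ENDPOINT": "true"}, CONSTRUCTED_AWS_CONFIG)
    print("expected STS host:", expected_sts_host("us-east-1", use_fips))
    print("violations before fix:", audit_sts_hosts(BEFORE_FIX_LOG, use_fips))
    print("violations after fix:", audit_sts_hosts(AFTER_FIX_LOG, use_fips))
```

Feed audit_sts_hosts the hostnames observed during a run with AWS_USE_FIPS_ENDPOINT=true; any sts.<region> entry in the result is an AssumeRole call that bypassed the FIPS endpoint, which is exactly the symptom the PR fixes. Running the same audit with the setting off is the control the test section describes.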

@hligit hligit requested a review from a team as a code owner April 21, 2026 10:52
@hligit hligit force-pushed the fix-aws-fips-endpoints branch from 5ad1f7d to b80de18 April 21, 2026 11:10
…lients

When AWS_USE_FIPS_ENDPOINT=true is configured, Vector now correctly
uses FIPS endpoints for STS operations (e.g., sts-fips.<region>.amazonaws.com)
in addition to the primary service client.

Also bumps aws-config from 1.8.13 to 1.8.16.

Fixes vectordotdev#18382
@hligit hligit force-pushed the fix-aws-fips-endpoints branch from b80de18 to 5272843 April 21, 2026 11:12
@hligit hligit changed the title fix(aws): Propagate FIPS endpoint setting to STS AssumeRole clients fix(aws service): Propagate FIPS endpoint setting to STS AssumeRole clients Apr 21, 2026

Successfully merging this pull request may close these issues.

Unable to get Vector to use the FIPS AWS endpoints

1 participant