When MinioClient is using a custom HTTP client and STS, then the custom HTTP client isn't used for performing the STS request. It will always revert to the default HTTP transport when using credentials.NewSTSAssumeRole (source).

Instead of using credentials.NewSTSAssumeRole, the provider can be created by passing the same HTTP client explicitly, like this:

tr := customHTTPTransport()
stsCreds := credentials.New(&credentials.STSAssumeRole{
	Client:      &http.Client{Transport: tr},
	STSEndpoint: stsEndPoint,
	Options: credentials.STSAssumeRoleOptions{/*...*/},
})
client, err := minio.New(endPoint, &minio.Options{
	Creds:     stsCreds,
	Transport: tr,
})

Although a workaround is possible, this behavior is non-intuitive. Most people would expect the MinIO client to use the specified HTTP transport for all requests that are made on behalf of MinioClient.