Description

In #668 we're changing the configuration of MotherDuck tokens to use FOREIGN SERVER + USER MAPPING under the hood. We have some helper functions for the most common usages to get people started. For more complex scenarios where different PG users require different tokens, the can define their own USER MAPPINGs to do so.

We should align our secrets management with this too. That way different PG users can use different S3 tokens to connect to the same bucket. Again we need easy to use helpers for the most common cases. Something like:

duckdb.create_secret(
	's3', 
	key_id := 'AKIAIOSFODNN7EXAMPLE',
	secret := 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
	region := 'us-east-1'
);