feat: Use RRSA to configure the cloud API access

[jwcesign]

What would you like to be added:
We should use RRSA to implement the cloud API access.

Why is this needed:
Now, we will use a secret (containing AK/SK) to configure cloud API access, which is convenient and fast for development, but it's unsafe. In the future, we should use RRSA to implement this, as it is more secure.

Completion requirements:

This enhancement requires the following artifacts:

• Design doc
• API change
• Docs update

The artifacts should be linked in subsequent comments.

[daimaxiaxie]

From the documentation, it seems that RRSA only supports ACK. Maybe STS is a more general choice.

[jwcesign]

From the documentation, it seems that RRSA only supports ACK. Maybe STS is a more general choice.

Do u have any related doc? Can u paste the link here?

[jwcesign]

Based on the doc, rrsa is based on STS. So, we are talking about the same thing, the best practice doc: https://help.aliyun.com/zh/landing-zone/solution-115