fix(s3): disallow partially defined credentials in schema

[keynslug]

Fixes EMQX-11888.

Release version: e5.6

Summary

Running S3 client with only partially defined credentials does not make sense and usually causes crashes somewhere down the stack. Better to disallow this on the schema level.

PR Checklist

Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:

• Added tests for the changes
• Added property-based tests for code which performs user input validation
• Changed lines covered in coverage report
• Change log has been added to changes/(ce|ee)/(feat|perf|fix|breaking)-<PR-id>.en.md files
• For internal contributor: there is a jira ticket to track this change
• Created PR to emqx-docs if documentation update is required, or link to a follow-up jira ticket
• Schema changes are backward compatible (not entirely, but this is again the point of the PR)

[thalesmg]

Shouldn't we guard that Defined =/= undefined here?

[keynslug]

Oh right! 🫠 Thanks.

[zmstone]

Since the values are not cross roots, so there is no maybe need to add a root level validator which is evaluated by all config checks even if it's not checking this root.
IIRC, we can implement roots/0 like this.

roots() ->
  [{s3, hoconsc:mk(hoconsc:ref(s3), #{validator => fun(Conf) -> ... end})].

[keynslug]

What do you mean by "cross roots"?

[zmstone]

I mean if one needs to verify root1.key1 = bar is valid given root0.key0 = foo, then it's a cross-root validation,
one would have to add a global validator.

e.g. the recently added cluster.discoverty_strategy = dns vs node.name = emqx@FQDN check.