feat: add S3-compatible storage provider (MinIO, Ceph, R2, etc.)

Adds a new 'S3-Compatible Storage' provider that works with any
S3-API-compatible object storage service, including MinIO, Ceph,
Cloudflare R2, Backblaze B2, and others.

Changes:
- New provider class: classes/providers/storage/s3-compatible-provider.php
  - Provider key: s3compatible
  - Reads user-configured endpoint URL from settings
  - Uses path-style URL access (required by most S3-compatible services)
  - Supports credentials via AS3CF_S3COMPAT_ACCESS_KEY_ID /
    AS3CF_S3COMPAT_SECRET_ACCESS_KEY wp-config.php constants
  - Disables AWS-specific features (Block Public Access, Object Ownership)
- New provider SVG icons (s3compatible.svg, -link.svg, -round.svg)
- Registered provider in main plugin class with endpoint setting support
- Updated StorageProviderSubPage to show endpoint URL input for S3-compatible
- Built pro settings bundle with rollup (Svelte 4.2.19)
- Added package.json and updated rollup.config.mjs for pro-only builds

vendor/Aws3/Aws/Sts/Exception/StsException.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\Exception;
+
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Exception\AwsException;
+/**
+ * AWS Security Token Service exception.
+ */
+class StsException extends AwsException
+{
+}

vendor/Aws3/Aws/Sts/RegionalEndpoints/Configuration.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\RegionalEndpoints;
+
+class Configuration implements ConfigurationInterface
+{
+    private $endpointsType;
+    private $isFallback;
+    public function __construct($endpointsType, $isFallback = \false)
+    {
+        $this->endpointsType = \strtolower($endpointsType);
+        $this->isFallback = $isFallback;
+        if (!\in_array($this->endpointsType, ['legacy', 'regional'])) {
+            throw new \InvalidArgumentException("Configuration parameter must either be 'legacy' or 'regional'.");
+        }
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function getEndpointsType()
+    {
+        return $this->endpointsType;
+    }
+    /**
+     * {@inheritdoc}
+     */
+    public function toArray()
+    {
+        return ['endpoints_type' => $this->getEndpointsType()];
+    }
+    public function isFallback()
+    {
+        return $this->isFallback;
+    }
+}

vendor/Aws3/Aws/Sts/RegionalEndpoints/ConfigurationInterface.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\RegionalEndpoints;
+
+/**
+ * Provides access to STS regional endpoints configuration options: endpoints_type
+ */
+interface ConfigurationInterface
+{
+    /**
+     * Returns the endpoints type
+     *
+     * @return string
+     */
+    public function getEndpointsType();
+    /**
+     * Returns the configuration as an associative array
+     *
+     * @return array
+     */
+    public function toArray();
+}

vendor/Aws3/Aws/Sts/RegionalEndpoints/ConfigurationProvider.php

@@ -0,0 +1,169 @@
+<?php
+
+namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\RegionalEndpoints;
+
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\AbstractConfigurationProvider;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\CacheInterface;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\ConfigurationProviderInterface;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\RegionalEndpoints\Exception\ConfigurationException;
+use DeliciousBrains\WP_Offload_Media\Aws3\GuzzleHttp\Promise;
+use DeliciousBrains\WP_Offload_Media\Aws3\GuzzleHttp\Promise\PromiseInterface;
+/**
+ * A configuration provider is a function that returns a promise that is
+ * fulfilled with a {@see \Aws\Sts\RegionalEndpoints\ConfigurationInterface}
+ * or rejected with an {@see \Aws\Sts\RegionalEndpoints\Exception\ConfigurationException}.
+ *
+ * <code>
+ * use Aws\Sts\RegionalEndpoints\ConfigurationProvider;
+ * $provider = ConfigurationProvider::defaultProvider();
+ * // Returns a ConfigurationInterface or throws.
+ * $config = $provider()->wait();
+ * </code>
+ *
+ * Configuration providers can be composed to create configuration using
+ * conditional logic that can create different configurations in different
+ * environments. You can compose multiple providers into a single provider using
+ * {@see \Aws\Sts\RegionalEndpoints\ConfigurationProvider::chain}. This function
+ * accepts providers as variadic arguments and returns a new function that will
+ * invoke each provider until a successful configuration is returned.
+ *
+ * <code>
+ * // First try an INI file at this location.
+ * $a = ConfigurationProvider::ini(null, '/path/to/file.ini');
+ * // Then try an INI file at this location.
+ * $b = ConfigurationProvider::ini(null, '/path/to/other-file.ini');
+ * // Then try loading from environment variables.
+ * $c = ConfigurationProvider::env();
+ * // Combine the three providers together.
+ * $composed = ConfigurationProvider::chain($a, $b, $c);
+ * // Returns a promise that is fulfilled with a configuration or throws.
+ * $promise = $composed();
+ * // Wait on the configuration to resolve.
+ * $config = $promise->wait();
+ * </code>
+ */
+class ConfigurationProvider extends AbstractConfigurationProvider implements ConfigurationProviderInterface
+{
+    const DEFAULT_ENDPOINTS_TYPE = 'legacy';
+    const ENV_ENDPOINTS_TYPE = 'AWS_STS_REGIONAL_ENDPOINTS';
+    const ENV_PROFILE = 'AWS_PROFILE';
+    const INI_ENDPOINTS_TYPE = 'sts_regional_endpoints';
+    public static $cacheKey = 'aws_sts_regional_endpoints_config';
+    protected static $interfaceClass = ConfigurationInterface::class;
+    protected static $exceptionClass = ConfigurationException::class;
+    /**
+     * Create a default config provider that first checks for environment
+     * variables, then checks for a specified profile in the environment-defined
+     * config file location (env variable is 'AWS_CONFIG_FILE', file location
+     * defaults to ~/.aws/config), then checks for the "default" profile in the
+     * environment-defined config file location, and failing those uses a default
+     * fallback set of configuration options.
+     *
+     * This provider is automatically wrapped in a memoize function that caches
+     * previously provided config options.
+     *
+     * @param array $config
+     *
+     * @return callable
+     */
+    public static function defaultProvider(array $config = [])
+    {
+        $configProviders = [self::env()];
+        if (!isset($config['use_aws_shared_config_files']) || $config['use_aws_shared_config_files'] != \false) {
+            $configProviders[] = self::ini();
+        }
+        $configProviders[] = self::fallback();
+        $memo = self::memoize(\call_user_func_array([ConfigurationProvider::class, 'chain'], $configProviders));
+        if (isset($config['sts_regional_endpoints']) && $config['sts_regional_endpoints'] instanceof CacheInterface) {
+            return self::cache($memo, $config['sts_regional_endpoints'], self::$cacheKey);
+        }
+        return $memo;
+    }
+    /**
+     * Provider that creates config from environment variables.
+     *
+     * @return callable
+     */
+    public static function env()
+    {
+        return function () {
+            // Use config from environment variables, if available
+            $endpointsType = \getenv(self::ENV_ENDPOINTS_TYPE);
+            if (!empty($endpointsType)) {
+                return Promise\Create::promiseFor(new Configuration($endpointsType));
+            }
+            return self::reject('Could not find environment variable config' . ' in ' . self::ENV_ENDPOINTS_TYPE);
+        };
+    }
+    /**
+     * Fallback config options when other sources are not set.
+     *
+     * @return callable
+     */
+    public static function fallback()
+    {
+        return function () {
+            return Promise\Create::promiseFor(new Configuration(self::DEFAULT_ENDPOINTS_TYPE, \true));
+        };
+    }
+    /**
+     * Config provider that creates config using a config file whose location
+     * is specified by an environment variable 'AWS_CONFIG_FILE', defaulting to
+     * ~/.aws/config if not specified
+     *
+     * @param string|null $profile  Profile to use. If not specified will use
+     *                              the "default" profile.
+     * @param string|null $filename If provided, uses a custom filename rather
+     *                              than looking in the default directory.
+     *
+     * @return callable
+     */
+    public static function ini($profile = null, $filename = null)
+    {
+        $filename = $filename ?: self::getDefaultConfigFilename();
+        $profile = $profile ?: (\getenv(self::ENV_PROFILE) ?: 'default');
+        return function () use($profile, $filename) {
+            if (!@\is_readable($filename)) {
+                return self::reject("Cannot read configuration from {$filename}");
+            }
+            $data = \DeliciousBrains\WP_Offload_Media\Aws3\Aws\parse_ini_file($filename, \true);
+            if ($data === \false) {
+                return self::reject("Invalid config file: {$filename}");
+            }
+            if (!isset($data[$profile])) {
+                return self::reject("'{$profile}' not found in config file");
+            }
+            if (!isset($data[$profile][self::INI_ENDPOINTS_TYPE])) {
+                return self::reject("Required STS regional endpoints config values\n                    not present in INI profile '{$profile}' ({$filename})");
+            }
+            return Promise\Create::promiseFor(new Configuration($data[$profile][self::INI_ENDPOINTS_TYPE]));
+        };
+    }
+    /**
+     * Unwraps a configuration object in whatever valid form it is in,
+     * always returning a ConfigurationInterface object.
+     *
+     * @param  mixed $config
+     * @return ConfigurationInterface
+     * @throws \InvalidArgumentException
+     */
+    public static function unwrap($config)
+    {
+        if (\is_callable($config)) {
+            $config = $config();
+        }
+        if ($config instanceof PromiseInterface) {
+            $config = $config->wait();
+        }
+        if ($config instanceof ConfigurationInterface) {
+            return $config;
+        }
+        if (\is_string($config)) {
+            return new Configuration($config);
+        }
+        if (\is_array($config) && isset($config['endpoints_type'])) {
+            return new Configuration($config['endpoints_type']);
+        }
+        throw new \InvalidArgumentException('Not a valid STS regional endpoints ' . 'configuration argument.');
+    }
+}

vendor/Aws3/Aws/Sts/RegionalEndpoints/Exception/ConfigurationException.php

@@ -0,0 +1,13 @@
+<?php
+
+namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\RegionalEndpoints\Exception;
+
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\HasMonitoringEventsTrait;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\MonitoringEventsInterface;
+/**
+ * Represents an error interacting with configuration for sts regional endpoints
+ */
+class ConfigurationException extends \RuntimeException implements MonitoringEventsInterface
+{
+    use HasMonitoringEventsTrait;
+}

vendor/Aws3/Aws/Sts/StsClient.php

@@ -0,0 +1,113 @@
+<?php
+
+namespace DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts;
+
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Arn\ArnParser;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\AwsClient;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\CacheInterface;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Credentials\Credentials;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Result;
+use DeliciousBrains\WP_Offload_Media\Aws3\Aws\Sts\RegionalEndpoints\ConfigurationProvider;
+/**
+ * This client is used to interact with the **AWS Security Token Service (AWS STS)**.
+ *
+ * @method \Aws\Result assumeRole(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise assumeRoleAsync(array $args = [])
+ * @method \Aws\Result assumeRoleWithSAML(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise assumeRoleWithSAMLAsync(array $args = [])
+ * @method \Aws\Result assumeRoleWithWebIdentity(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise assumeRoleWithWebIdentityAsync(array $args = [])
+ * @method \Aws\Result decodeAuthorizationMessage(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise decodeAuthorizationMessageAsync(array $args = [])
+ * @method \Aws\Result getAccessKeyInfo(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise getAccessKeyInfoAsync(array $args = [])
+ * @method \Aws\Result getCallerIdentity(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise getCallerIdentityAsync(array $args = [])
+ * @method \Aws\Result getFederationToken(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise getFederationTokenAsync(array $args = [])
+ * @method \Aws\Result getSessionToken(array $args = [])
+ * @method \GuzzleHttp\Promise\Promise getSessionTokenAsync(array $args = [])
+ */
+class StsClient extends AwsClient
+{
+    /**
+     * {@inheritdoc}
+     *
+     * In addition to the options available to
+     * {@see \Aws\AwsClient::__construct}, StsClient accepts the following
+     * options:
+     *
+     * - sts_regional_endpoints:
+     *   (Aws\Sts\RegionalEndpoints\ConfigurationInterface|Aws\CacheInterface\|callable|string|array)
+     *   Specifies whether to use regional or legacy endpoints for legacy regions.
+     *   Provide an Aws\Sts\RegionalEndpoints\ConfigurationInterface object, an
+     *   instance of Aws\CacheInterface, a callable configuration provider used
+     *   to create endpoint configuration, a string value of `legacy` or
+     *   `regional`, or an associative array with the following keys:
+     *   endpoint_types (string)  Set to `legacy` or `regional`, defaults to
+     *   `legacy`
+     *
+     * @param array $args
+     */
+    public function __construct(array $args)
+    {
+        if (!isset($args['sts_regional_endpoints']) || $args['sts_regional_endpoints'] instanceof CacheInterface) {
+            $args['sts_regional_endpoints'] = ConfigurationProvider::defaultProvider($args);
+        }
+        $this->addBuiltIns($args);
+        parent::__construct($args);
+    }
+    /**
+     * Creates credentials from the result of an STS operations
+     *
+     * @param Result $result Result of an STS operation
+     *
+     * @return Credentials
+     * @throws \InvalidArgumentException if the result contains no credentials
+     */
+    public function createCredentials(Result $result)
+    {
+        if (!$result->hasKey('Credentials')) {
+            throw new \InvalidArgumentException('Result contains no credentials');
+        }
+        $accountId = null;
+        if ($result->hasKey('AssumedRoleUser')) {
+            $parsedArn = ArnParser::parse($result->get('AssumedRoleUser')['Arn']);
+            $accountId = $parsedArn->getAccountId();
+        } elseif ($result->hasKey('FederatedUser')) {
+            $parsedArn = ArnParser::parse($result->get('FederatedUser')['Arn']);
+            $accountId = $parsedArn->getAccountId();
+        }
+        $credentials = $result['Credentials'];
+        $expiration = isset($credentials['Expiration']) && $credentials['Expiration'] instanceof \DateTimeInterface ? (int) $credentials['Expiration']->format('U') : null;
+        return new Credentials($credentials['AccessKeyId'], $credentials['SecretAccessKey'], isset($credentials['SessionToken']) ? $credentials['SessionToken'] : null, $expiration, $accountId);
+    }
+    /**
+     * Adds service-specific client built-in value
+     *
+     * @return void
+     */
+    private function addBuiltIns($args)
+    {
+        $key = 'AWS::STS::UseGlobalEndpoint';
+        $result = $args['sts_regional_endpoints'] instanceof \Closure ? $args['sts_regional_endpoints']()->wait() : $args['sts_regional_endpoints'];
+        if (\is_string($result)) {
+            if ($result === 'regional') {
+                $value = \false;
+            } else {
+                if ($result === 'legacy') {
+                    $value = \true;
+                } else {
+                    return;
+                }
+            }
+        } else {
+            if ($result->getEndpointsType() === 'regional') {
+                $value = \false;
+            } else {
+                $value = \true;
+            }
+        }
+        $this->clientBuiltIns[$key] = $value;
+    }
+}