feat: presign urls

[designcode]

Note

Medium Risk
Adds new functionality that generates presigned URLs and, for OAuth users, queries IAM access keys and prompts for selection; incorrect access-key selection/validation could lead to unintended access or failures. Also updates several runtime and tooling dependencies, which may introduce subtle behavior changes.

Overview
Adds a new presign CLI command to generate temporary presigned GET/PUT URLs for bucket/key paths (supports t3:///tigris://), with configurable expiry and url/json output.

When no access key is configured or provided, the command now supports OAuth sessions by listing IAM access keys, filtering to active keys with bucket access, and prompting interactively (with sensible fallbacks/auto-select).

Updates CLI specs/docs to expose presign and clarifies buckets set-notifications --filter to be a SQL WHERE clause example. Bumps several dependencies (AWS SDK, @tigrisdata/storage, axios, lint/tooling) and removes commitizen config from package.json.

^{Written by Cursor Bugbot for commit 85dac95. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[github-actions]

🎉 This PR is included in version 2.12.0 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀