feat: add AWS profile support for Bedrock credentials

- Add BEDROCK_AWS_PROFILE environment variable support
  - Implement AWS SDK credential provider chain for automatic refresh
  - Update credential loading logic to support profiles, static env vars, and user-provided credentials
  - Add logging for credential source transparency
  - Update .env.example with profile configuration documentation

  Follows S3 implementation pattern for credential handling.
  Enables users to configure AWS profiles with optional credential_process for automatic token refresh.

.env.example

@@ -134,8 +134,31 @@ ANTHROPIC_API_KEY=user_provided
 #=================#
 #   AWS Bedrock   #
 #=================#
+# AWS Bedrock Credentials Configuration
+#
+# Option 1: Use AWS Profile (RECOMMENDED)
+#   1. Configure credentials in ~/.aws/credentials or ~/.aws/config
+#   2. Set BEDROCK_AWS_PROFILE to your profile name
+#   The AWS SDK will automatically use the profile's credentials
+#
+#   Optional: Enable auto-refresh by configuring credential_process in ~/.aws/config
+#   Example:
+#     [profile your-profile-name]
+#     region = us-west-2
+#     credential_process = your-command-to-fetch-credentials --format json
+#
+#   See: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
+#   For auto-refresh: https://docs.aws.amazon.com/cli/v1/userguide/cli-configure-sourcing-external.html
+#
+# Option 2: Use static environment variables (NOT recommended for temporary credentials)
+#   Set BEDROCK_AWS_ACCESS_KEY_ID, BEDROCK_AWS_SECRET_ACCESS_KEY, BEDROCK_AWS_SESSION_TOKEN
 
 # BEDROCK_AWS_DEFAULT_REGION=us-east-1 # A default region must be provided
+
+# AWS Profile (Option 1 - RECOMMENDED)
+# BEDROCK_AWS_PROFILE=your-profile-name
+
+# Static Credentials (Option 2 - use only if not using profiles)
 # BEDROCK_AWS_ACCESS_KEY_ID=someAccessKey
 # BEDROCK_AWS_SECRET_ACCESS_KEY=someSecretAccessKey
 # BEDROCK_AWS_SESSION_TOKEN=someSessionToken