fix: route push/pull through CLI when cloud storage env vars are set

[harry-miller-trimble]

Problem

When bd connects to an external dolt-sql-server (server mode), CALL DOLT_PUSH/DOLT_PULL executes inside the server process. That server only has env vars from when it was started. If cloud credentials (AZURE_STORAGE_ACCOUNT, AWS_ACCESS_KEY_ID, etc.) were set or changed after the server started, the SQL path silently fails to authenticate.

This breaks Azure Blob Storage, AWS S3, and GCS remotes when using bd dolt start (or auto-start) followed by bd dolt push/pull.

Fix

Add shouldUseCLIForCloudAuth() which detects cloud storage env var prefixes and routes through a CLI subprocess (dolt push/dolt pull) when in server mode. The subprocess inherits the current environment, ensuring credentials always reach the dolt process.

Cloud env prefixes detected:

• AZURE_STORAGE_* — Azure Blob Storage
• AWS_* — AWS S3
• GOOGLE_* / GCS_* — Google Cloud Storage
• OCI_* — Oracle Cloud Infrastructure
• DOLT_REMOTE_* — Dolt-specific remote credentials

Applied to Push, ForcePush, and Pull methods in DoltStore.

Test Coverage

11 new test cases in credentials_test.go:

• 8 positive: each cloud provider prefix triggers CLI routing
• 3 negative: no env vars, embedded mode, no CLI remote

Backward Compatibility

• No behavioral change when no cloud env vars are set (existing SQL path unchanged)
• No behavioral change in embedded mode (env vars are in-process)
• CLI routing only activates when: cloud env vars present + server mode + remote configured locally

Closes harry-miller-trimble#6

[maphew]

Thanks @harry-miller-trimble — solid fix for a subtle issue. The CLI fallback when cloud creds are set after server start is a good approach, and the test coverage is thorough.