[Feature]: Support ECR as OCI Storage Backends for AWS Deployments #1012

@vivekkrishna

## Problem Statement

Currently, the Directory Server's OCI storage backend (`store/oci/`) assumes:
1. Local OCI registry (Zot, Docker) within the same cluster
2. Registry auth via hardcoded credentials (username/password)
3. No AWS-native service integration

This prevents private AWS deployments because:

- **ECR requires AWS SigV4 authentication** (not basic auth)
- **S3-backed registries** need AWS IAM role support
- **No private VPC endpoint support** for AWS services
- **Container images must be pulled from external public registries**

## Proposed Solution

Support **ECR** OCI registries natively:

### Environment Variables to Add

```yaml
# Storage Backend (NEW)
DIRECTORY_SERVER_OCI_BACKEND: "zot"  # Current default
# OR
DIRECTORY_SERVER_OCI_BACKEND: "ecr"   # NEW: AWS ECR

# ECR Backend Configuration (NEW)
DIRECTORY_SERVER_ECR_REGISTRY: "123456789.dkr.ecr.us-east-1.amazonaws.com"
DIRECTORY_SERVER_ECR_REGION: "us-east-1"
DIRECTORY_SERVER_ECR_REPOSITORY: "agntcy-directory"
DIRECTORY_SERVER_ECR_AUTH_MODE: "iam"  # NEW: Use ECS Task Role, not static keys

# Existing (keep as-is)
DIRECTORY_SERVER_OCI_REGISTRY_ADDRESS: "localhost:5000"
DIRECTORY_SERVER_OCI_REPOSITORY_NAME: "agntcy-dir"
DIRECTORY_SERVER_OCI_AUTH_CONFIG_USERNAME: "user"
DIRECTORY_SERVER_OCI_AUTH_CONFIG_PASSWORD: "pass"
DIRECTORY_SERVER_OCI_INSECURE: "false"
```

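An added example (not code from this issue or from the directory project) of how an `iam` auth mode could sit on top of the existing username/password auth config: the SigV4-signed part is the `ecr:GetAuthorizationToken` API call, made with the task role's credentials, which returns a base64 `AWS:<password>` token valid for 12 hours that the registry then accepts as ordinary basic auth, so the backend has to decode and refresh that token instead of reading a static secret. `TokenFetcher` and `ECRAuthProvider` are hypothetical names, and the token used to exercise it is constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
	"time"
)

// TokenFetcher stands in for ecr:GetAuthorizationToken (SigV4-signed, made with
// the task role's credentials); hypothetical, so this runs without the AWS SDK.
type TokenFetcher func() (token string, expires time.Time, err error)

// DecodeECRToken turns ECR's base64 "AWS:<password>" token into the
// username/password pair the existing OCI_AUTH_CONFIG basic auth already uses.
func DecodeECRToken(token string) (user, pass string, err error) {
	raw, err := base64.StdEncoding.DecodeString(token)
	if err != nil {
		return "", "", fmt.Errorf("ecr token is not base64: %w", err)
	}
	user, pass, ok := strings.Cut(string(raw), ":")
	if !ok || user != "AWS" || pass == "" {
		return "", "", fmt.Errorf("ecr token must decode to AWS:<password>")
	}
	return user, pass, nil
}

// ECRAuthProvider caches the decoded pair and refreshes it Skew ahead of
// expiry, which an "iam" auth mode needs in place of static env-var secrets.
type ECRAuthProvider struct {
	Fetch      TokenFetcher
	Skew       time.Duration
	user, pass string
	expires    time.Time
}

// Credentials calls Fetch only when the cached token is absent or about to
// expire; ECR tokens are valid for 12 hours, so a hardcoded value would fail.
func (p *ECRAuthProvider) Credentials(now time.Time) (user, pass string, err error) {
	if p.pass != "" && now.Add(p.Skew).Before(p.expires) {
		return p.user, p.pass, nil
	}
	tok, exp, err := p.Fetch()
	if err != nil {
		return "", "", err
	}
	p.user, p.pass, err = DecodeECRToken(tok)
	p.expires = exp // a decode error leaves pass empty, forcing a refetch next time
	return p.user, p.pass, err
}
```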
### Alternatives Considered

_No response_

### Additional Context

_No response_

### Checklist

- [x] I have read the [contributing guidelines](/agntcy/repo-template/blob/main/CONTRIBUTING.md)
- [x] I have verified this does not duplicate an existing feature request
