Support Snowflake-provided OAuth token in Snowpark Container Services

[burnash]

Background

When a dlt pipeline runs inside Snowpark Container Services, Snowflake mounts an OAuth access token at /snowflake/session/token and exposes SNOWFLAKE_HOST / SNOWFLAKE_ACCOUNT env vars. A standard connector call then looks like:

def get_login_token():
    with open('/snowflake/session/token', 'r') as f:
        return f.read()

conn = snowflake.connector.connect(
    host = os.getenv('SNOWFLAKE_HOST'),
    account = os.getenv('SNOWFLAKE_ACCOUNT'),
    token = get_login_token(),
    authenticator = 'oauth'
)

Task

Extend dlt’s Snowflake destination to auto-detect and use that token so no extra credentials are required in-container.

Implementation

1. Update SnowflakeCredentials.on_resolved so if /snowflake/session/token exists and not explicitly passed via token param, we use it along with env's SNOWFLAKE_HOST and SNOWFLAKE_ACCOUNT
2. Do not require username argument
3. Update to_connector_params to use token, host and account
4. Include tests
5. Update docs with an example

[rudolfix]

Should we always probe for well known snowflake env variables if dlt configuration is not present, ie. if host is missing we take it from env (SNOWFLAKE_ACCOUNT - I know names are swapped)? looks like they are kind of official: https://docs.snowflake.com/en/developer-guide/snowflake-cli/connecting/configure-connections