Add bucket docs about access - can users get bucket access from their own laptops?

[consideRatio]

We have docs about working with object storage here. I think we have credentials setup for the users by a k8s ServiceAccount granted permission to read/write to those buckets we provide alongside the hub.

In this support ticket a user wished to get access to the bucket from a laptop, but failed with The billing account for the owning project is disabled in state absent. I'm thinking that:

1. Maybe its because the user doesn't have access at all to the bucket?
2. Maybe its because the buckets we provide are globally accessible, but that the user must pay for the networking cost of accessing them?

I don't think the current docs provide an answer to the current status, so the action point of this issue is to clarify current status and document it in the "working with object storage" section.

[yuvipanda]

@scottyhq has a way to do this!

[scottyhq]

@scottyhq has a way to do this!

Yes! @yuvipanda and I prototyped something for exactly this at SciPy. Would love to move this under the 2i2c org if it's of interest to work on and integrate into deployed hubs:

https://github.com/scottyhq/jupyter-cloud-scoped-creds (EDIT: currently AWS S3 only, not GCP storage)

[consideRatio]

Ah so my understanding is that:

1. Object storage buckets are private and not accessible without using the credentials injected to user servers
2. https://github.com/scottyhq/jupyter-cloud-scoped-creds is a way to extract AWS S3 bucket credentials specifically so that they can be used from a local laptop

The wish for working against GCP buckets are tracked in scottyhq/jupyter-cloud-scoped-creds#2.