feat(kiteworks): add Kiteworks storage provider service

[DeepDiver1975]

Summary

• Adds a new services/storage-kiteworks oCIS service that exposes a Kiteworks server as a CS3 storage provider
• Implements the reva storage.FS interface, translating CS3 operations into Kiteworks REST API calls
• Each Kiteworks top-level folder becomes a distinct CS3 StorageSpace (owned → "project", received shares → "mountpoint")
• Authentication is pure OIDC token passthrough — no separate credentials required
• Service is opt-in: only starts when added to OCIS_ADD_RUN_SERVICES; existing deployments are unaffected

Dependency

Requires: owncloud/reva#586 — the pkg/storage/fs/kiteworks driver lives there.

This PR points go.mod at the reva PR branch commit (v2.0.0-20260511130900-472978d4d56c). Once the reva PR is merged and a new reva release/pseudo-version is cut, this PR should be updated to reference that final version.

Key configuration

Env var	Description
STORAGE_KITEWORKS_ENDPOINT	Base URL of the Kiteworks server (required)
STORAGE_KITEWORKS_MOUNT_ID	Mount ID for this storage provider (required)
STORAGE_KITEWORKS_CHUNK_SIZE	Upload chunk size in bytes (default 5 MB)
STORAGE_KITEWORKS_INSECURE	Skip TLS verification (development only)

What's included

• vendor/.../reva/v2/pkg/storage/fs/kiteworks/ — vendored kiteworks driver from feat(storage): add Kiteworks REST API storage driver reva#586
• services/storage-kiteworks/ — full oCIS service (config, defaults, logging, debug server, reva config mapping, CLI commands, binary entry point)
• StorageKiteworks field added to global config; registered via areg in the runtime

Test plan

• Service binary builds: go build ./services/storage-kiteworks/...
• Full oCIS binary builds: go build ./ocis/...
• Manual test against a Kiteworks instance: list spaces, download file, upload file
• Verify service does NOT start by default (omit from OCIS_ADD_RUN_SERVICES)
• Verify service starts and connects when OCIS_ADD_RUN_SERVICES=storage-kiteworks and STORAGE_KITEWORKS_ENDPOINT is set

---

New Service Checklist

Sourced from https://owncloud.dev/services/general-info/new-service-checklist/

• Services MUST NOT be named extended or global. These are reserved names for the automated documentation process.
• Provide a README.md for that service in the root folder of that service. Use CamelCase for section headers.
• For images and example files used in README.md: N/A — README.md contains no images or example files.
• If new CLI commands are introduced, those commands must be described in the README.md. Commands are added to ocis/pkg/command
• If new global envvars are introduced, the name must start with OCIS_. (All new envvars use STORAGE_KITEWORKS_ prefix; shared ones use OCIS_ global prefix already.)
• Add the service to the makefile in the ocis repo root.
• Service startup: added to ocis/pkg/command/services.go and registered via areg in ocis/pkg/runtime/service/service.go (optional services block). Service config added to ocis-pkg/config/defaultconfig.go.
• If the service is using service accounts, add it to ocis/pkg/init/init.go — N/A, this service does not use service accounts.
• Check that the service properly responds to ocis storage-kiteworks health and has /healthz and /readyz endpoints
• Add the service to .drone.star to enable CI. — Covered: make test / make ci-golangci-lint run all OCIS_MODULES; adding to the Makefile is sufficient.
• Inform doc team in an early stage to review the readme AND the environment variables created. The description must reflect the behaviour AND usually has a positive code quality impact.
• Create proper description strings for envvars - see other services for examples, especially when it comes to multiple values. This must include: base description, set of available values, description of each value.
• When suggested commits are created for text changes, and you agree, collect them to a batch and commit them. Do not forget to rebase locally to avoid overwriting the changes made.
• If new envvars are introduced which serve the same purpose but in multiple services, an additional envvar must be added at the beginning of the list starting with OCIS_ (global envvar). — Existing OCIS_ prefixed envvars (log, tracing, grpc) are already reused.
• Ensure that a service has a debug port
• If the new service introduces a new port: The port must be added to port-ranges.md and to the README.md file. (Port range 9285–9289 allocated for storage-kiteworks; GRPC=9285, debug=9289)
• Make sure to have a function FullDefaultConfig() in pkg/config/defaults/defaultconfig.go of your service. It is needed to create the documentation.
• Add metrics to the code to enable monitoring. — Prometheus metrics exposed via debug.NewService at /metrics; Prometheus interceptor added to reva gRPC config under ocis_storage_kiteworks namespace. Documented in README.md.
• When the service requires translations that have to be covered by the service and are not sourced by web, see the add translation documentation for more details. — N/A, this service has no user-facing translatable strings.
• If the service requires a cache or store, check existing services for implementation and add a documentation in the README.md — N/A, this service does not use a cache or store.

🤖 Generated with Claude Code

[update-docs]

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

[mmattel]

IMPORTANT:
This is a new service, pls follow/check the New Service Checklist !
You can copy this checklist here and checkmark items when done.