Support IAM Roles for Kubernetes Service Accounts (IRSA)

[zdoherty]

Is your feature request related to a problem? Please describe.
I feel it's very tedious to issue, rotate, and smuggle AWS IAM keys around different config files or into the drone-secrets service. While drone-cache currently supports using instance profile credentials when running on EC2, it doesn't support leveraging IAM Roles for Service Accounts (IRSA) credentials when running on Kubernetes, specifically on EKS.

Describe the solution you'd like
Support for IRSA should only require using a minimum version of the Go AWS SDK. Specifically, their docs mention version 1.23.13 as the minimum recommended version. Upgrading to this version, with no other code changes, should enable support for IRSA.

Describe alternatives you've considered
As far as I know, support for using credentials via sts.AssumeRoleWithWebIdentity is best accomplished by the AWS SDK's default credential management system. I haven't considered alternatives, but I do believe relying on the upstream SDK is the best solution.

Additional context
Technically, this isn't just adding support for IRSA, but for web identity IAM credentials, in general.

Here's the relevant upstream PR: aws/aws-sdk-go#2667

[bilenkis]

Also relevant for us.