
release-22.2: cloud/amazon: support external ID in AWS assume role #96531

Merged: 1 commit merged into cockroachdb:release-22.2 from backport22.2-91040 on Feb 22, 2023

Conversation

@rhu713 (Contributor) commented Feb 3, 2023

Backport 1/1 commits from #91040.

/cc @cockroachdb/release


Support passing in the optional external ID when assuming a role. This is done by extending the values of the comma-separated string value of the ASSUME_ROLE parameter to the format `<role>;external_id=<id>`. Users can still use the previous format of just `<role>` to specify a role without any external ID.

When using role chaining, each role in the chain can be associated with a different external ID. For example:
`ASSUME_ROLE=<roleA>;external_id=<idA>,<roleB>;external_id=<idB>,<roleC>` will use external ID `<idA>` to assume delegate `<roleA>`, then use external ID `<idB>` to assume delegate `<roleB>`, and finally no external ID to assume the final role `<roleC>`.

Additional documentation about external IDs can be found here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

Release note (enterprise change): Support passing in the optional external ID when assuming a role. This is done by extending the values of the comma-separated string value of the ASSUME_ROLE parameter to the format `<role>;external_id=<id>`. Users can still use the previous format of just `<role>` to specify a role without any external ID.

When using role chaining, each role in the chain can be associated with a different external ID. For example:
`ASSUME_ROLE=<roleA>;external_id=<idA>,<roleB>;external_id=<idB>,<roleC>` will use external ID `<idA>` to assume delegate `<roleA>`, then use external ID `<idB>` to assume delegate `<roleB>`, and finally no external ID to assume the final role `<roleC>`.

Addresses #90239

Release justification: low risk, high impact feature.

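As an added example (not CockroachDB code and not part of this PR): a Go parser for the ASSUME_ROLE format described above, plus a walk of the resulting role chain against a fake STS whose trust policies enforce the sts:ExternalId condition that the linked AWS documentation describes. The account IDs, role ARNs, external IDs, the `FakeSTS` type and its `TrustPolicy` model are all constructed for illustration; a real implementation would back `AssumeRoler` with sts.AssumeRole from the AWS SDK. The parser also rejects unknown `;key=value` options rather than ignoring them, a choice made here so that a misspelled `external_id` cannot silently downgrade a hop to "no external ID".

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// RoleStep is one hop of an ASSUME_ROLE chain: a role plus the optional
// external ID to present when assuming it ("" when none was given).
type RoleStep struct {
	Role       string
	ExternalID string
}

// ParseAssumeRoleChain parses the format the PR describes: hops separated by
// commas, each either "<role>" or "<role>;external_id=<id>". Any other
// ";key=value" option is an error (design choice of this example).
func ParseAssumeRoleChain(value string) ([]RoleStep, error) {
	var chain []RoleStep
	for _, hop := range strings.Split(value, ",") {
		fields := strings.Split(hop, ";")
		step := RoleStep{Role: strings.TrimSpace(fields[0])}
		if step.Role == "" {
			return nil, fmt.Errorf("ASSUME_ROLE %q: empty role", value)
		}
		for _, opt := range fields[1:] {
			key, val, ok := strings.Cut(strings.TrimSpace(opt), "=")
			if !ok || key != "external_id" {
				return nil, fmt.Errorf("ASSUME_ROLE %q: unsupported option %q", value, opt)
			}
			step.ExternalID = val
		}
		chain = append(chain, step)
	}
	return chain, nil
}

// Credentials stands in for STS temporary credentials; only the holder matters here.
type Credentials struct{ Principal string }

// AssumeRoler is the one STS call the chain walk needs (sts.AssumeRole in real code).
type AssumeRoler interface {
	AssumeRole(caller Credentials, role, externalID string) (Credentials, error)
}

// TrustPolicy is a reduced, hypothetical model of a role trust policy: the one
// principal it trusts and the sts:ExternalId its Condition requires ("" = none).
type TrustPolicy struct{ Principal, ExternalID string }

// FakeSTS (constructed for this example) denies the call on a wrong caller or
// a missing/mismatched external ID, the confused-deputy check external IDs exist for.
type FakeSTS struct{ Policies map[string]TrustPolicy }

var ErrAccessDenied = errors.New("AccessDenied")

func (s FakeSTS) AssumeRole(caller Credentials, role, externalID string) (Credentials, error) {
	p, ok := s.Policies[role]
	if !ok || p.Principal != caller.Principal {
		return Credentials{}, fmt.Errorf("%w: %s may not assume %s", ErrAccessDenied, caller.Principal, role)
	}
	if p.ExternalID != "" && externalID != p.ExternalID {
		return Credentials{}, fmt.Errorf("%w: %s requires a matching sts:ExternalId", ErrAccessDenied, role)
	}
	return Credentials{Principal: role}, nil
}

// AssumeChain walks the hops in order: base credentials assume hop 1 with hop
// 1's external ID, hop 1's credentials assume hop 2, and so on.
func AssumeChain(sts AssumeRoler, base Credentials, chain []RoleStep) (Credentials, error) {
	current := base
	for i, step := range chain {
		next, err := sts.AssumeRole(current, step.Role, step.ExternalID)
		if err != nil {
			return Credentials{}, fmt.Errorf("hop %d: %w", i+1, err)
		}
		current = next
	}
	return current, nil
}

// Constructed sample (hypothetical accounts, roles and IDs) mirroring the PR's
// roleA/idA, roleB/idB, roleC example.
const (
	BaseUser = "arn:aws:iam::111111111111:user/backup"
	RoleA    = "arn:aws:iam::111111111111:role/roleA"
	RoleB    = "arn:aws:iam::222222222222:role/roleB"
	RoleC    = "arn:aws:iam::333333333333:role/roleC"
)

func SampleSTS() FakeSTS {
	return FakeSTS{Policies: map[string]TrustPolicy{
		RoleA: {Principal: BaseUser, ExternalID: "idA"},
		RoleB: {Principal: RoleA, ExternalID: "idB"},
		RoleC: {Principal: RoleB},
	}}
}

func main() {
	chain, err := ParseAssumeRoleChain(RoleA + ";external_id=idA," + RoleB + ";external_id=idB," + RoleC)
	if err != nil {
		panic(err)
	}
	fmt.Println(AssumeChain(SampleSTS(), Credentials{Principal: BaseUser}, chain))
	chain[1].ExternalID = "" // drop idB: roleB's trust policy now rejects hop 2
	fmt.Println(AssumeChain(SampleSTS(), Credentials{Principal: BaseUser}, chain))
}
```

The second call in `main` is the case the external ID is meant to catch: the caller still holds valid roleA credentials, but without idB the roleB trust-policy condition fails and the chain stops at hop 2 instead of silently proceeding with a weaker identity.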
@blathers-crl (bot) commented Feb 3, 2023

Thanks for opening a backport.

Please check the backport criteria before merging:

  • Patches should only be created for serious issues or test-only changes.
  • Patches should not break backwards-compatibility.
  • Patches should change as little code as possible.
  • Patches should not change on-disk formats or node communication protocols.
  • Patches should not add new functionality.
  • Patches must not add, edit, or otherwise modify cluster versions; or add version gates.
If some of the basic criteria cannot be satisfied, ensure that the exceptional criteria are satisfied within.
  • There is a high priority need for the functionality that cannot wait until the next release and is difficult to address in another way.
  • The new functionality is additive-only and only runs for clusters which have specifically “opted in” to it (e.g. by a cluster setting).
  • New code is protected by a conditional check that is trivial to verify and ensures that it only runs for opt-in clusters.
  • The PM and TL on the team that owns the changed code have signed off that the change obeys the above rules.

Add a brief release justification to the body of your PR to justify this backport.

Some other things to consider:

  • What did we do to ensure that a user that doesn’t know & care about this backport, has no idea that it happened?
  • Will this work in a cluster of mixed patch versions? Did we test that?
  • If a user upgrades a patch version, uses this feature, and then downgrades, what happens?

@cockroach-teamcity (Member): This change is Reviewable

@rhu713 rhu713 marked this pull request as ready for review February 8, 2023 16:29
@rhu713 rhu713 requested a review from a team as a code owner February 8, 2023 16:29
@rhu713 rhu713 requested review from msbutler and adityamaru and removed request for a team and msbutler February 8, 2023 16:29
@stevendanna (Collaborator) left a comment

While not guarded by a cluster setting, this code is "opt in" in the sense that users would need to specify a new external storage connection string to use it.

In a mixed-version cluster, it appears that users using the old syntax will still work because we populate both the new and old protobuf fields. If a user uses the new syntax, presumably their eventual cloud requests will fail on non-upgraded nodes that don't support the external IDs yet.

cc @livlobo to confirm that this is a high priority feature request for backport.

@rhu713 (Contributor, Author) commented Feb 22, 2023

confirmed with @livlobo that this is good to merge.

@rhu713 rhu713 merged commit 7cfe64f into cockroachdb:release-22.2 Feb 22, 2023
@rhu713 rhu713 deleted the backport22.2-91040 branch February 22, 2023 20:45