Automatically refresh expired container credentials

[josb]

So far, testing by @mk4437 suggests this patch addresses the S3 errors [#728] we are seeing. Happy to tweak this patch further as needed.

[codecov-commenter]

Codecov Report

Merging #754 (d014f94) into master (ad8f261) will decrease coverage by 0.04%.
The diff coverage is 0.00%.

❗ Current head d014f94 differs from pull request most recent head e580187. Consider uploading reports for the commit e580187 to get more accurate results

@@            Coverage Diff             @@
##           master     #754      +/-   ##
==========================================
- Coverage   73.26%   73.21%   -0.05%     
==========================================
  Files          49       49              
  Lines       10831    10838       +7     
==========================================
  Hits         7935     7935              
- Misses       2896     2903       +7     

Impacted Files	Coverage Δ
crates/symbolicator/src/services/download/s3.rs	40.65% <0.00%> (-0.80%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ad8f261...e580187. Read the comment docs.

[Swatinem]

Might be good to clear up that panic/unwrap situation. Otherwise this looks good, apart from CI complaining.

The Changelog check should have actually suggested a code change, but that seems to have broken recently; I will look into that.

[Swatinem]

As source configs are being fed into symbolicator with each request, we should avoid panic-ing as much as possible. I haven’t looked at the docs to figure out the exact failure conditions for this Result, it might as well be an extreme edge-case condition in which case it might as well be okay to unwrap.

[josb]

Looking at the source of rusoto_credential::AutoRefreshingProvider::new, I don't even understand how it can return CredentialsError?

[Swatinem]

As the upstream implementation unconditionally returns an Ok, I’m a bit more inclined to just do an unwrap. Either way, I think the compiler should be smart enough to optimize all that away.