When a queue config sets `credentials.provider = ecs` (or `instance`),
SqsConnector::resolveCredentialProvider returned a raw EcsCredentialProvider
or InstanceProfileProvider. The AWS SDK's ClientResolver short-circuits any
callable passed as `credentials` (no automatic memoize wrap), and the signer
middleware invokes the provider on every signed request — so every SQS API
call triggered a fresh HTTP fetch to the EKS Pod Identity Agent / EC2
metadata endpoint.

Wrap the resolved provider in CredentialProvider::memoize so credentials are
cached in-process for the lifetime of the worker, with the SDK's standard
60-second pre-expiry refresh window. This matches what the SDK's own
defaultProvider() does and stops queue workers from saturating the Pod
Identity Agent's rate limiter under steady-state polling.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>