ClusterLabs / resource-agents

Combined repository of OCF agents from the RHCS and Linux-HA projects
GNU General Public License v2.0

aws-vpc-move-ip/aws-vpc-route53/awseip/awsvip: add auth_type parameter and AWS Policy based authentication type #1900

Closed oalbrigt closed 8 months ago

oalbrigt commented 8 months ago

Based on https://github.com/ClusterLabs/resource-agents/pull/1899

gguifelixamz commented 8 months ago

@oalbrigt For auth_type I would recommend the options to be key or role because on how IAM works. A policy goes into a role, and a role is attached to an EC2 instance (where pacemaker is running). A role can have "N" policies but an EC2 instance can have only one role, and effectively is the Role that grants the EC2 instance authorization and authentication to perform an API call.

oalbrigt commented 8 months ago

@gguifelixamz Thanks. I've updated accordingly, and improved the logic, so region can be used even for profiles, and give an error if not set when using role authentication.
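
The parameter logic described in this comment, as an added illustration that is not the project's agent code: a POSIX shell validation routine for a hypothetical auth_type parameter (key or role), where region is accepted for both types and is mandatory for role authentication. The function and variable names, and the OCF return codes used as a convention, are assumptions for this example only and do not reflect the actual agent implementation.

```shell
# Added example, not from the resource-agents code base. Demonstrates the
# auth_type validation described in the PR discussion:
#   - auth_type=key  : credentials come from a named AWS CLI profile
#   - auth_type=role : credentials come from the instance profile; region
#                      cannot be inferred from a profile, so it must be set
# Standard OCF exit codes (real values, used here as a convention).
OCF_SUCCESS=0
OCF_ERR_CONFIGURED=6

# validate_auth_params AUTH_TYPE PROFILE REGION
# Writes a diagnostic to stderr and returns an OCF code.
validate_auth_params() {
    auth_type="$1"
    profile="$2"
    region="$3"

    case "$auth_type" in
        key)
            if [ -z "$profile" ]; then
                echo "auth_type=key requires profile to be set" >&2
                return $OCF_ERR_CONFIGURED
            fi
            ;;
        role)
            # No profile is consulted for role auth, so a missing region is a
            # hard configuration error rather than something the CLI can fill in.
            if [ -z "$region" ]; then
                echo "auth_type=role requires region to be set" >&2
                return $OCF_ERR_CONFIGURED
            fi
            ;;
        *)
            echo "unknown auth_type '$auth_type' (expected key or role)" >&2
            return $OCF_ERR_CONFIGURED
            ;;
    esac
    return $OCF_SUCCESS
}

# build_aws_args AUTH_TYPE PROFILE REGION
# Prints the options that would be appended to every aws(1) invocation:
# --profile only for key auth, --region whenever it is configured
# (so region is honoured for profiles as well, as the comment describes).
build_aws_args() {
    auth_type="$1"
    profile="$2"
    region="$3"
    args=""
    [ "$auth_type" = "key" ] && args="--profile $profile"
    [ -n "$region" ] && args="$args --region $region"
    printf '%s\n' "${args# }"
}

# Stand-alone run: validate a role configuration and show the resulting options.
if validate_auth_params role "" us-east-1; then
    build_aws_args role "" us-east-1
fi
```

When wired into an agent's validate-all action, a non-zero return from validate_auth_params stops the resource from starting with an unusable configuration instead of failing later inside an AWS API call.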

oalbrigt commented 8 months ago

retest this please

oalbrigt commented 8 months ago

retest this please

oalbrigt commented 8 months ago

Tested by following https://github.com/ClusterLabs/resource-agents/pull/1899#issuecomment-1808882317 and updating .AWS/env/${AWS_PCS_ROLE_POLICY} to the following to make it work with all the agents:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances",
                "ec2:DescribeTags",
                "ec2:ModifyInstanceAttribute",
                "ec2:DescribeInstanceAttribute",
                "ec2:AssignPrivateIpAddresses",
                "ec2:UnassignPrivateIpAddresses",
                "ec2:DescribeAddresses",
                "ec2:AssociateAddress",
                "ec2:DisassociateAddress",
                "ec2:DescribeRouteTables",
                "ec2:ReplaceRoute"
            ],
            "Resource": "*"
        }
    ]
}