gardener / gardener-extension-provider-aws

Gardener extension controller for the AWS cloud provider (https://aws.amazon.com).
https://gardener.cloud
Apache License 2.0

[GEP-26] Workload Identity support #1141

Open dimityrmirchev opened 1 week ago

dimityrmirchev commented 1 week ago

How to categorize this PR?

/area security ipcei
/kind enhancement
/label ipcei/workload-identity
/platform aws

What this PR does / why we need it: This PR adds support for workload identity.

Which issue(s) this PR fixes: Part of https://github.com/gardener/gardener/issues/9586

Special notes for your reviewer: Depends on:

For the purpose of developing and testing this PR the local setup with extension + workload identity support can be utilised. https://github.com/gardener/gardener/blob/master/docs/deployment/getting_started_locally_with_extensions.md#setting-up-gardener-garden-on-kind-seed-on-gardener-cluster

Documentation in this PR is still to be added, but the PR can be reviewed and tested. Please see the relevant AWS documentation (example with GitHub Actions) https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html and https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html#idp_oidc_Create_GitHub

Release note:

The extension now supports `Shoot`s using `WorkloadIdentity`s instead of cloud provider credentials.
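
The workload identity flow referenced in the AWS documentation above rests on an IAM role whose trust policy accepts web identity tokens from an OIDC provider. The following Go check is an added example, not code from this PR or from the Gardener project: it parses a role trust policy document and flags any `Allow` statement that lets a `Federated` principal call `sts:AssumeRoleWithWebIdentity` without pinning both the token audience (`<issuer>:aud`) and subject (`<issuer>:sub`) claims in its `Condition`. The issuer hostname, account id and subject value in the sample documents are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// trustPolicy is the subset of an IAM role trust policy document that the
// check inspects. Field names follow the IAM policy grammar. Statement is
// assumed to be an array (IAM also accepts a single object; not handled here).
type trustPolicy struct {
	Version   string      `json:"Version"`
	Statement []statement `json:"Statement"`
}

type statement struct {
	Effect    string                                `json:"Effect"`
	Principal map[string]json.RawMessage            `json:"Principal"`
	Action    json.RawMessage                       `json:"Action"`
	Condition map[string]map[string]json.RawMessage `json:"Condition"`
}

// asStringSlice decodes an IAM policy element that may be either a single
// string or an array of strings.
func asStringSlice(raw json.RawMessage) []string {
	if len(raw) == 0 {
		return nil
	}
	var one string
	if err := json.Unmarshal(raw, &one); err == nil {
		return []string{one}
	}
	var many []string
	if err := json.Unmarshal(raw, &many); err == nil {
		return many
	}
	return nil
}

// findWeakFederatedStatements returns one finding per Allow statement that
// grants sts:AssumeRoleWithWebIdentity to a Federated (OIDC) principal without
// a StringEquals/StringLike condition on both <issuer>:aud and <issuer>:sub.
// Without the aud check, a token minted for another relying party is accepted;
// without the sub check, any identity the issuer vouches for may assume the role.
func findWeakFederatedStatements(doc []byte) ([]string, error) {
	var pol trustPolicy
	if err := json.Unmarshal(doc, &pol); err != nil {
		return nil, fmt.Errorf("parse trust policy: %w", err)
	}
	var findings []string
	for i, st := range pol.Statement {
		if st.Effect != "Allow" {
			continue
		}
		if _, ok := st.Principal["Federated"]; !ok {
			continue
		}
		grantsWebIdentity := false
		for _, a := range asStringSlice(st.Action) {
			if a == "sts:AssumeRoleWithWebIdentity" || a == "sts:*" || a == "*" {
				grantsWebIdentity = true
			}
		}
		if !grantsWebIdentity {
			continue
		}
		hasAud, hasSub := false, false
		for op, keys := range st.Condition {
			// Only exact or pattern string matches pin the claims; other
			// operators (e.g. Null, Bool) do not constrain their values.
			if !strings.HasPrefix(op, "StringEquals") && !strings.HasPrefix(op, "StringLike") {
				continue
			}
			for k := range keys {
				switch {
				case strings.HasSuffix(k, ":aud"):
					hasAud = true
				case strings.HasSuffix(k, ":sub"):
					hasSub = true
				}
			}
		}
		if !hasAud {
			findings = append(findings, fmt.Sprintf("statement %d: missing audience (<issuer>:aud) condition", i))
		}
		if !hasSub {
			findings = append(findings, fmt.Sprintf("statement %d: missing subject (<issuer>:sub) condition", i))
		}
	}
	return findings, nil
}

// Constructed sample documents. Account id, issuer host and subject value are
// placeholders, not values from any real account or from this PR.
const weakTrustPolicy = `{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/issuer.example.test"},
    "Action": "sts:AssumeRoleWithWebIdentity"
  }]
}`

const pinnedTrustPolicy = `{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/issuer.example.test"},
    "Action": ["sts:AssumeRoleWithWebIdentity"],
    "Condition": {
      "StringEquals": {
        "issuer.example.test:aud": "sts.amazonaws.com",
        "issuer.example.test:sub": "placeholder-workload-subject"
      }
    }
  }]
}`

func main() {
	for name, doc := range map[string]string{"weak": weakTrustPolicy, "pinned": pinnedTrustPolicy} {
		findings, err := findWeakFederatedStatements([]byte(doc))
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s: %d finding(s) %v\n", name, len(findings), findings)
	}
}
```

The check only tests for the presence of the two condition keys; a `StringLike` value of `*` on `sub` would pass it, so the condition values still need review when auditing roles created for a workload identity issuer.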
gardener-robot commented 1 week ago

@dimityrmirchev Label ipcei/workload-identity does not exist.