Closed hugoghx closed 1 year ago
TODO: Once V2 of `awsutil` gets merged, update go.mod to use that
I'm happy to approve this PR as long as we have a follow-up task for a later date to resolve the issue of orphaned secrets that Boundary manages when invoking update storage bucket.
Yep, that's already set up :)
Merging this PR onto `ddebko-fix-assume-role`. For any new/ongoing discussions, please post in https://github.com/hashicorp/boundary-plugin-aws/pull/34 instead
This PR introduces fixes to enable operators to use AWS dynamic credentials on the storage side of this plugin, namely validation, improved credential lifecycle management to allow for storage buckets to be updated from static to dynamic credentials and vice versa, and a new way to determine credential types.
It also introduces new tests for dynamic credential usage for the various functions.
Finally, it also fixes a problem with static rotated credentials being deleted from AWS when the plugin errored due to lack of validation.