Support static API creds

[synfinatic]

basically do what aws-vault does since people often have non-SSO roles they need to access.

So we need:

1. Way to import the config/credentials file
2. Way to manually add and delete new keys/roles
3. Add & manage records to cache?
4. Ideally get temporary tokens so if they are compromised you aren't very sad.
5. Use creds to auto-discover Account level tags
6. Need to be able to list roles
7. Automate key rotation
8. MFA support

Why this feature?

• Because orgs need to migrate to AWS SSO and this doesn't happen over night.
• Some people access accounts across multiple orgs and SSO isn't viable in that case.
• Others???

[synfinatic]

when not using SSO, need to support MFA: https://github.com/99designs/aws-vault/blob/master/USAGE.md#using-credential_process

[synfinatic]

UX:

Phase 0:

• Research MFA support? TL;DR: Use for AssumeRole/GetSessionToken calls. (Not even sure this is necessary really???)
• Need to think harder on UX and map it out. What are the workflows I wish to enable?

Phase 1:

• list -- list static roles as well as SSO
• static import -- import from config/credentials file.
• Should work with exec, console and eval

Phase 2+:

• static add -- add new static role creds
• static del -- delete static role creds
• write ~/.aws/config and generate profiles
• Import metadata for Tags + a Type tag for static vs sso
  • Should include tags on our IAM user (iam:ListUserTags)
• Automate key rotation
• Support temporary session tokens (without MFA)
• Custom tags support