andrepastore
Overview

This PR upgrades the aws_credentials dependency from version 0.3.4 to 1.0.0, enabling support for IAM Roles for Service Accounts (IRSA) when running Sequin in Kubernetes environments.

What changed

  • Upgraded aws_credentials from ~> 0.3.4 to ~> 1.0.0

Why this matters

The 1.0.0 release of aws_credentials adds support for Kubernetes service account-based authentication using IRSA (IAM Roles for Service Accounts). This enhancement allows Sequin to:

  • Securely access AWS services (SQS, S3, etc.) when deployed in Kubernetes clusters
  • Use service account annotations to assume IAM roles automatically
  • Eliminate the need for manual credential management or storing static AWS credentials
  • Follow AWS security best practices by leveraging temporary credentials

How it works

When Sequin is deployed in a Kubernetes cluster with IRSA configured:

  1. The Kubernetes service account is annotated with an IAM role ARN
  2. The cluster's OIDC provider establishes trust with AWS IAM
  3. The aws_credentials library automatically uses the web identity token file provided by Kubernetes
  4. Temporary AWS credentials are obtained by assuming the specified IAM role

Testing

This dependency upgrade maintains backward compatibility. Sequin will continue to work with existing credential configurations while adding support for IRSA when available.

To test IRSA integration:

  • Deploy Sequin in a Kubernetes cluster with IRSA configured
  • Annotate the service account with eks.amazonaws.com/role-arn: <IAM_ROLE_ARN>
  • Configure Sequin to use AWS services (SQS sink, etc.)
  • Verify that Sequin can access AWS services without explicit credentials

Additional notes

This change is particularly beneficial for third-party deployments where Sequin needs to integrate with AWS services in containerized environments following security best practices.
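
A pre-flight check for the IRSA flow in "How it works" and the last step of "To test IRSA integration", as an added example that is not part of this PR, Sequin, or aws_credentials. It assumes the environment variables the EKS pod identity webhook injects (AWS_ROLE_ARN, AWS_WEB_IDENTITY_TOKEN_FILE) and the default token audience sts.amazonaws.com; the role ARN, the namespace and service account name "sequin", and the sample token are constructed.

```python
import base64, json, time

EXPECTED_AUD = "sts.amazonaws.com"  # assumption: default audience of EKS IRSA tokens

def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_irsa(env: dict, token: str, namespace: str, service_account: str, now=None) -> list:
    """Return a list of findings; an empty list means the pod looks IRSA-ready."""
    now = time.time() if now is None else now
    findings = []
    for var in ("AWS_ROLE_ARN", "AWS_WEB_IDENTITY_TOKEN_FILE"):
        if not env.get(var):
            findings.append(f"{var} is not set (annotation or webhook missing?)")
    for var in ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"):
        if env.get(var):
            findings.append(f"{var} is set: static credentials are still present")
    try:
        claims = jwt_claims(token)
    except ValueError as exc:  # also covers base64 and JSON decoding errors
        return findings + [f"token is not a readable JWT: {exc}"]
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if EXPECTED_AUD not in aud:
        findings.append(f"aud {aud} does not include {EXPECTED_AUD}")
    want_sub = f"system:serviceaccount:{namespace}:{service_account}"
    if claims.get("sub") != want_sub:
        findings.append(f"sub {claims.get('sub')!r} != {want_sub!r}")
    if claims.get("exp", 0) <= now:
        findings.append("token is expired")
    return findings

def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token for the demo (not a real cluster token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    # Constructed values: hypothetical role ARN, namespace and service account.
    env = {"AWS_ROLE_ARN": "arn:aws:iam::111122223333:role/sequin-example",
           "AWS_WEB_IDENTITY_TOKEN_FILE": "/var/run/secrets/eks.amazonaws.com/serviceaccount/token"}
    tok = make_sample_token({"aud": ["sts.amazonaws.com"], "exp": time.time() + 3600,
                             "sub": "system:serviceaccount:sequin:sequin"})
    print(check_irsa(env, tok, "sequin", "sequin") or "IRSA environment looks consistent")
```

Inside a pod, pass `dict(os.environ)` and the contents of the file named by AWS_WEB_IDENTITY_TOKEN_FILE instead of the constructed values.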

Upgrade aws_credentials dependency from 0.3.4 to 1.0.0 to enable support for
IAM Roles for Service Accounts (IRSA) in Kubernetes environments.

This allows Sequin to securely access AWS services when deployed in Kubernetes
clusters using service account-based authentication without requiring manual
credential management.

dosubot bot added the labels size:XS (This PR changes 0-9 lines, ignoring generated files.) and dependencies (Pull requests that update a dependency file) on Oct 10, 2025