Add support for aws login delivery of credentials to granted

[liwadman]

Hello, big fans over here at AWS.

We recently launched aws login, which is three things:

1)A set of APIs doing OAuthy flows to deliver temporary AWS credentials, for an active browser-based session to the AWS CLI/AWS SDKs. The different flows are exposed as two different public clients.
2)A client that does this, aws login with the AWS CLI.
3)Configuration of credentials from aws login in .aws/config, and SDK support with new credential providers for said credential type.

This is pretty neat for a lot of customers because it gives a path to get credentials to the AWS CLI, without creating long-lived akids at any point, or setting up IAM identity center.

I think it would be pretty neat for granted to support delivery of the initial credential used to assume other roles via aws login.

Support for the credentials as listed in a profile would be as simple as upgrading to the latest AWS GO SDK. Building a user experience that knows about going for new creds with said profile has expired might be a bit of wrenching.

There's been some confusion about what our new capability is, and we think for some customers it's a "better together" story with granted, and not an either-or.

We're available to talk if it's useful!