`runner` OIDC credential management

[dacbd]

• Document warning about using "short-term" credentials
• Document/Show possible ways to extend credential life?
• Document/provide examples for "refreshing" credentials used by the cml runner created instance.

Why? By default, these OIDC credentials expire after 1hr which is likely to be surpassed by ML workflows. After which time cml will fail to self-delete.

---

Other notes:

on AWS code wise the credential format is the exact same and essentially no changes are required
on GCP credentials format was different requiring custom parsing to determine the ProjectID see: iterative/terraform-provider-iterative#506
on az/azure 🙈 I have done zero testing

/CC #208
Follow up of iterative/cml#862

[dacbd]

For aws-actions/configure-aws-credentials:
https://github.com/aws-actions/configure-aws-credentials/blob/67fbcbb121271f7775d2e7715933280b06314838/index.js#L10
https://github.com/aws-actions/configure-aws-credentials/blob/67fbcbb121271f7775d2e7715933280b06314838/index.js#L315

the default session time is 1hr