[skip-changelog] use OIDC to retrieve the credentials

[umbynos]

Please check if the PR fulfills these requirements

See how to contribute

• The PR has no duplicates (please search among the Pull Requests
  before creating one)
• The PR follows
  our contributing guidelines
  - [ ] Tests for the changes have been added (for bug fixes / features)
  - [ ] Docs have been added / updated (for bug fixes / features)
  - [ ] UPGRADING.md has been updated with a migration guide (for breaking changes)
  - [ ] configuration.schema.json updated if new parameters are added.

What kind of change does this PR introduce?

infra change

What is the current behavior?

We currently use statically generated credentials to access to s3 buckets.

What is the new behavior?

OpenID Connect allows workflows to exchange short-lived tokens directly from your cloud provider (see here)

Does this PR introduce a breaking change, and is titled accordingly?

no

Other information

• TODO remove AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from secrets
• TODO add AWS_ROLE_TO_ASSUME to secrets

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (20b9ba1) 69.37% compared to head (1e0d26e) 69.39%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2541      +/-   ##
==========================================
+ Coverage   69.37%   69.39%   +0.01%     
==========================================
  Files         203      203              
  Lines       20149    20149              
==========================================
+ Hits        13978    13982       +4     
+ Misses       5048     5045       -3     
+ Partials     1123     1122       -1     

Flag	Coverage Δ
unit	69.39% <ø> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.