Cross AWS account support

[bendu]

See #105

To better support cross account scenarios, we can add the ability to assume a cross-account role to the controller. Implementation wise, it would be a credential provider that assumes the role specified by an environment variable set on the container.

Once code change is in. Customer would take the follow steps to enable:

1. Customer creates role in AWS account with permissions to Cloud Map. Role is configured to be assumed by other account.
2. Customer adds permissions for EKS pod role to assume the role created in step 1.
3. Customer sets environment variable on controller with arn of role to assume.

[bendu]

An alternative approach is for customer to associate the service account to an IAM role in the Cloud Map account. Basically, this depends on the EKS cluster's OIDC provider. This means controller itself needs no changes.

See https://aws.amazon.com/blogs/containers/cross-account-iam-roles-for-kubernetes-service-accounts/