
Support new Amazon sso-session sections in config and token refresh

Open arianvp opened this issue 1 year ago • 0 comments

Amazon SSO gives you a refresh_token, which you can use to renew your access_token by making a call to Amazonka.SSOOIDC.CreateToken.

Legacy non-refreshable format

This is what we currently use, and it looks like this:

[profile my-dev-profile]
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2
output = json

Automatic token refresh format

In this format the config file can have (multiple) [sso-session my-session] blocks. The SDK will keep track of tokens per session in .aws/sso/cache/${sha1 session-name}.json, and will store both an access_token and a refresh_token.

[profile my-dev-profile]
sso_session = my-sso
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2
output = json

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access

Reference implementation

  • The access_token and refresh_token are stored in a filename based on the hash of the session name in ~/.aws/sso/cache
  • If the access_token is expired, we can request a new token with the refresh_token by calling Amazonka.SSOOIDC.CreateToken

Example in other SDK: https://github.com/aws/aws-sdk-go-v2/blob/config/v1.18.25/credentials/ssocreds/sso_token_provider.go

arianvp, Aug 01 '23 09:08
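The resolution and refresh flow the issue describes, as an added example that is not part of the issue, of amazonka, or of the linked aws-sdk-go-v2 code. It is written in Go because the referenced reference implementation is the Go SDK. It parses the sso-session config format, rejects legacy profiles (which have no refresh token), derives the ~/.aws/sso/cache file name as the SHA-1 of the session name, and decides from a cached entry whether to reuse the access_token or build the CreateToken refresh_token request. Assumptions, not from the page: the sample config and cache values are constructed; the cache entry shows only a subset of the fields the CLI writes; the 5-minute refreshSkew window and the body field names (clientId, clientSecret, grantType, refreshToken) and endpoint https://oidc.<sso_region>.amazonaws.com/token are the example's own. The request is built, not sent, so it runs offline.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Constructed sample config: one profile in the sso-session format and one legacy profile.
const sampleConfig = `[profile my-dev-profile]
sso_session = my-sso
sso_account_id = 123456789011
sso_role_name = readOnly
region = us-west-2
[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access
[profile legacy]
sso_start_url = https://my-sso-portal.awsapps.com/start
`

// Constructed cache entry (a subset of the fields the CLI writes under ~/.aws/sso/cache).
const sampleCache = `{"accessToken":"old-access-token","expiresAt":"2023-08-01T09:00:00Z",
"refreshToken":"refresh-token-123","clientId":"client-id","clientSecret":"client-secret"}`

// refreshSkew is this example's assumption: a token expiring within the window counts as expired.
const refreshSkew = 5 * time.Minute

// parseConfig parses the INI-style AWS config into section -> key -> value.
func parseConfig(s string) map[string]map[string]string {
	cfg := map[string]map[string]string{}
	var cur map[string]string
	for _, raw := range strings.Split(s, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue
		}
		if line[0] == '[' && strings.HasSuffix(line, "]") {
			cur = map[string]string{}
			cfg[strings.TrimSpace(line[1:len(line)-1])] = cur
		} else if k, v, ok := strings.Cut(line, "="); ok && cur != nil {
			cur[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return cfg
}

// ssoSession resolves a profile's sso_session key to its [sso-session NAME] block; legacy profiles are rejected.
func ssoSession(cfg map[string]map[string]string, profile string) (string, map[string]string, error) {
	name, ok := cfg["profile "+profile]["sso_session"]
	sess := cfg["sso-session "+name]
	if !ok || sess == nil {
		return "", nil, fmt.Errorf("profile %q is missing, legacy (no sso_session), or names a missing sso-session", profile)
	}
	return name, sess, nil
}

// cacheFileName is the entry under ~/.aws/sso/cache: lowercase hex SHA-1 of the session name + ".json".
func cacheFileName(sessionName string) string {
	sum := sha1.Sum([]byte(sessionName))
	return hex.EncodeToString(sum[:]) + ".json"
}

// oidcTokenEndpoint is where the CreateToken body is POSTed for the session's sso_region (assumed form).
func oidcTokenEndpoint(ssoRegion string) string { return "https://oidc." + ssoRegion + ".amazonaws.com/token" }

type cachedToken struct {
	AccessToken  string    `json:"accessToken"`
	ExpiresAt    time.Time `json:"expiresAt"`
	RefreshToken string    `json:"refreshToken"`
	ClientID     string    `json:"clientId"`
	ClientSecret string    `json:"clientSecret"`
}

// planRefresh returns the cached token if still usable at now, else the CreateToken refresh_token body that renews it.
func planRefresh(raw []byte, now time.Time) (*cachedToken, map[string]string, error) {
	var tok cachedToken
	if err := json.Unmarshal(raw, &tok); err != nil {
		return nil, nil, fmt.Errorf("unreadable cache entry: %w", err)
	}
	if now.Add(refreshSkew).Before(tok.ExpiresAt) {
		return &tok, nil, nil
	}
	if tok.RefreshToken == "" || tok.ClientID == "" || tok.ClientSecret == "" {
		return nil, nil, fmt.Errorf("access token expired and no refresh material cached; run sso login again")
	}
	return nil, map[string]string{"clientId": tok.ClientID, "clientSecret": tok.ClientSecret,
		"grantType": "refresh_token", "refreshToken": tok.RefreshToken}, nil
}

func main() { // stand-alone demo with a constructed clock that is past expiresAt
	_, body, err := planRefresh([]byte(sampleCache), time.Date(2023, 8, 1, 9, 30, 0, 0, time.UTC))
	fmt.Println(cacheFileName("my-sso"), oidcTokenEndpoint("us-east-1"), body, err)
}
```

A real SDK integration would POST the returned body to the endpoint for the session's sso_region, then write the new accessToken, expiresAt and refreshToken back into the same cache file; keeping the legacy-profile branch as a hard error is deliberate, since those profiles can only be renewed by an interactive login.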