AWS IAM auth code in common_mysql increases complexity

[getvictor]

Fleet version: (current main branch)

---

💥 Actual behavior

The common_mysql package contains AWS IAM authentication code (aws_iam_auth.go), which:

1. Increases cognitive complexity: Developers working with common_mysql may need to understand AWS IAM auth even when not using it
2. Weakens modularity: Other packages cannot use common_mysql without inheriting AWS SDK dependencies
3. Does not have single responsibility: common_mysql currently provides generic MySQL utilities, plus AWS-specific authentication
4. Increases build times: Any package importing common_mysql pulls in AWS SDK dependencies transitively

🛠️ To fix

Refactor AWS IAM authentication out of common_mysql using dependency injection:

1. Create new server/datastore/mysql/rdsauth/ package containing the AWS IAM connector
2. Add ConnectorFactory injection point to common_mysql.DBOptions
3. Update common_mysql.NewDB to use injected factory when present
4. Move IAM auth setup to mysql.New() which injects the factory
5. Remove aws_iam_auth.go from common_mysql

🧑‍💻 Steps to reproduce

These steps:

• [x] Have been confirmed to consistently lead to reproduction in multiple Fleet instances.

1. Check direct imports of common_mysql:

   go list -f '{{.Imports}}' ./server/datastore/mysql/common_mysql
   

2. Observe AWS-related imports: github.com/aws/aws-sdk-go-v2/aws, github.com/fleetdm/fleet/v4/server/aws_common
3. Any bounded context using common_mysql inherits these dependencies

QA

Smoke test the RDS IAM authentication feature from #1817 (PR #32488):

1. Deploy Fleet with RDS MySQL using IAM authentication (no password, region configured)
2. Verify Fleet connects and operates normally