
provide an option to use `eks.amazonaws.com/role-arn` annotation instead of `eks.amazonaws.com/ecr-role-arn`

Open bear-san opened this issue 3 months ago • 1 comments

What would you like to be added:

  • When finding the IAM role to use for assume role, also support the `eks.amazonaws.com/role-arn` annotation instead of `eks.amazonaws.com/ecr-role-arn`.
  • If neither the `eks.amazonaws.com/ecr-role-arn` annotation nor the `AWS_ECR_ROLE_ARN` environment variable is provided, the provider will try to find a role by the `eks.amazonaws.com/role-arn` annotation.

Why is this needed:

  • By default, the Pod identity webhook injects the project token where `eks.amazonaws.com/role-arn` is annotated. Ref: https://github.com/aws/amazon-eks-pod-identity-webhook/blob/master/pkg/annotations.go#L21
  • If a user wants to project the token only for pulling images, they still must specify both `eks.amazonaws.com/role-arn` and `eks.amazonaws.com/ecr-role-arn`.

/kind feature

bear-san avatar Sep 28 '25 13:09 bear-san
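
The lookup order requested in the issue above, as an added Go example (not code from cloud-provider-aws or from the issue author). The names `resolveECRRole` and `useRoleARN`, the ARN shape check, and the precedence of the ECR annotation over `AWS_ECR_ROLE_ARN` are assumptions; the account ID and role names are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

const (
	ecrRoleAnnotation = "eks.amazonaws.com/ecr-role-arn"
	podRoleAnnotation = "eks.amazonaws.com/role-arn"
	ecrRoleEnv        = "AWS_ECR_ROLE_ARN"
)

// Loose shape check for an IAM role ARN (any partition, 12-digit account).
var roleARN = regexp.MustCompile(`^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$`)

type candidate struct{ source, value string }

// resolveECRRole is hypothetical. Assumed order: ECR annotation, then
// AWS_ECR_ROLE_ARN, then (only if useRoleARN is set) the webhook annotation.
func resolveECRRole(ann map[string]string, getenv func(string) string, useRoleARN bool) (arn, source string, err error) {
	candidates := []candidate{
		{"annotation:" + ecrRoleAnnotation, ann[ecrRoleAnnotation]},
		{"env:" + ecrRoleEnv, getenv(ecrRoleEnv)},
	}
	if useRoleARN {
		candidates = append(candidates, candidate{"annotation:" + podRoleAnnotation, ann[podRoleAnnotation]})
	}
	for _, c := range candidates {
		if c.value == "" {
			continue
		}
		// Fail closed on a malformed value instead of trying the next source.
		if !roleARN.MatchString(c.value) {
			return "", c.source, fmt.Errorf("%s: not an IAM role ARN: %q", c.source, c.value)
		}
		return c.value, c.source, nil
	}
	return "", "", errors.New("no role ARN configured")
}

func main() {
	// Constructed sample: a service account carrying only the webhook annotation.
	sa := map[string]string{podRoleAnnotation: "arn:aws:iam::111122223333:role/image-puller"}
	noEnv := func(string) string { return "" }
	fmt.Println(resolveECRRole(sa, noEnv, false))
	fmt.Println(resolveECRRole(sa, noEnv, true))
}
```

Returning the source alongside the ARN lets the caller log which setting selected the role, which matters once the image-pull path can pick up the workload's own role.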

This issue is currently awaiting triage.

If cloud-provider-aws contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Sep 28 '25 13:09 k8s-ci-robot