Built-in support for AssumeRole credentials

We already have AssumeRoleWithWebIdentity support, so the credential fetching/refreshing will likely be similar. But the base credential is _a different_ credential instead of a token file. So AssumeRole would likely not be in the default credential chain.