The script was copied from the ncov-ingest repo
<https://github.com/nextstrain/ncov-ingest/blob/20b432624ad2c4bf24c85756bd04bae1e067bde8/bin/write-envdir>

Adding in preparation for configuring separate AWS credentials for
the build runtime in pathogen-repo-build.

Renamed to `setup-aws-batch-credentials` in preparation for adding
another step that sets up AWS credentials for the runtime.

The new step for setting up runtime AWS credentials probably won't need
an anchor as it should only run once before the build starts. I
just wanted to be specific with the existing anchor name to prevent any
potential confusion.

Assumes repo-specific roles, `GitHubActionsRoleNextstrainRepo@zika` for
example, which are managed by the Terraform configuration in the
nextstrain/infra repo.  The repo here is always the _calling_
repository, regardless of if the "repo" input was provided to use
workflows from another place.

The runtime credentials are then saved in an envdir that is passed
to the build command via `NEXTSTRAIN_RUNTIME_ENVDIRS`.

Namespaced `NEXTSTRAIN_RUNTIME_ENVDIR` with `./git/nextstrain` as
suggested by @tsibley in review¹

¹ <#81 (comment)>

Related-to: <nextstrain/infra#4>
Co-authored-by: Thomas Sibley <[email protected]>

…g credentials

Very helpful for troubleshooting when looking at logs.

Note that when using the AWS Batch runtime the credential identity will
only be emitted for the initial job submission, not subsequent wait-N
jobs.  This seems fine.

…ials steps

So they are more easily differentiated/recognized in the job logs.  I
found myself easily mixing them up when trying to find the right one.