Pass AWS credentials from standard file to Docker

Open huddlej opened this issue 2 years ago • 1 comments

Context

Several modes of the CLI support AWS credentials defined in the standard ~/.aws/credentials file, including the AWS Batch mode and nextstrain remote actions outside of Docker. These credentials are accessible from nextstrain shell --conda ., for example, but when running the CLI with Docker locally, the AWS credentials are not available and the user receives the following error when trying to access AWS S3 resources:

Unable to locate credentials. You can configure credentials by running "aws configure".

Description

The Docker runtime should pass through AWS credentials from the user's standard credentials file.

Additional context

This issue came up during a related Slack discussion where a user wanted to use the Docker runtime but could not store their credentials in the standard format.

huddlej avatar Dec 27 '23 23:12 huddlej

I'm sympathetic to this need for sure. We could automatically mount ~/.aws/{config,credentials} into the right spot in containerized runtimes, and I think most of the time this would increase the DWIM quotient. (Some more advanced AWS config/credentials setups won't work when mounted into the container, but the vast majority will.) It does reduce the isolation of the containerized runtimes, however, and I'd think we'd want a flag to disable it. For example, we've recently walked back the long-standing automatic forwarding of env-based AWS credentials into containers by disabling that behaviour if you explicitly specify other env vars.

So this needs some consideration and care, but yeah, it'd probably be good to do it.

tsibley avatar Jan 10 '24 18:01 tsibley
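
A sketch of the mount-with-opt-out idea discussed in this thread, added here as an example and not taken from the Nextstrain CLI: it builds `docker run` bind-mount arguments for ~/.aws/{config,credentials}, read-only, so the container can use the credentials but not alter them. The function name, the `enabled` switch and the container home `/home/user` are assumptions.

```python
from pathlib import Path
import tempfile

AWS_FILES = ("config", "credentials")  # the two files named in the thread


def aws_mount_args(home, container_home="/home/user", enabled=True):
    """Return `docker run` arguments that bind-mount the AWS files read-only.

    container_home is a hypothetical in-container home directory.
    enabled=False models the opt-out flag suggested in the thread.
    """
    if not enabled:
        return []  # isolation preserved: nothing from ~/.aws enters the container
    args = []
    for name in AWS_FILES:
        src = Path(home) / ".aws" / name
        # Mount only existing regular files: with --volume, Docker creates a
        # missing host path as a directory, which would pollute ~/.aws.
        if not src.is_file():
            continue
        real = src.resolve()  # follow symlinks so the daemon sees the real file
        # --volume is colon-delimited, so a path containing ":" cannot be
        # expressed safely; skip it rather than build a malformed mount.
        if ":" in str(real):
            continue
        # ":ro" keeps the host files unmodifiable from inside the container.
        args += ["--volume", f"{real}:{container_home}/.aws/{name}:ro"]
    return args


if __name__ == "__main__":
    # Constructed home directory holding only a credentials file.
    with tempfile.TemporaryDirectory() as tmp:
        aws = Path(tmp) / ".aws"
        aws.mkdir()
        (aws / "credentials").write_text("[default]\n")
        print(aws_mount_args(tmp))
        print(aws_mount_args(tmp, enabled=False))
```
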