
Fix AWS SSO support when using the 'sso-session' sections #629

Merged 2 commits into main from fix-aws-sso-support on Feb 11, 2025

Conversation

@christophetd (Contributor) commented Feb 11, 2025

This is only supported starting from the Terraform AWS Provider 4.54.0+, which not all techniques were using.

See also #626

Tried an upgrade path that's not working well, because the Terraform files (and hence the new provider definition) are extracted to disk when the technique is warmed up or detonated; they are not re-extracted from the binary on every run:

$ stratus version
2.21.0
$ stratus detonate aws.credential-access.ssm-retrieve-securestring-parameters

$ bin/stratus version
dev-snapshot
$ AWS_DEFAULT_REGION= AWS_REGION=us-east-1 AWS_PROFILE=security-research ./bin/stratus status aws.credential-access.ssm-retrieve-securestring-parameters
DETONATED
$ AWS_DEFAULT_REGION= AWS_REGION=us-east-1 AWS_PROFILE=security-research ./bin/stratus cleanup aws.credential-access.ssm-retrieve-securestring-parameters
2025/02/11 14:35:45 Cleaning up aws.credential-access.ssm-retrieve-securestring-parameters
2025/02/11 14:35:45 Cleaning up technique prerequisites with terraform destroy
2025/02/11 14:35:46 unable to cleanup TTP prerequisites: exit status 1

Error: error configuring Terraform AWS Provider: Error creating AWS session: profile "security-research" is configured to use SSO but is missing required configuration: sso_region, sso_start_url

  with provider["registry.terraform.io/hashicorp/aws"],
  on main.tf line 9, in provider "aws":
   9: provider "aws" {

I don't think it is desirable to extract the Terraform files for a technique on every run, or we'll have some inconsistencies (e.g. a technique that may be marked as "DETONATED", but with Terraform files on disk that don't mirror what's actually warmed-up and deployed).

The impact is that if you upgrade your Stratus Red Team version to a new one, but you have detonated/warmed-up techniques, you won't benefit from this fix, which I believe is fine as long as it is noted in the changelog.
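As an added example (not code from this PR or from Stratus Red Team), a small Go model of the failure described above: a parser for an ~/.aws/config that uses an [sso-session] section, and a validation step that, like a provider without sso-session support, ignores sso_session and reports the profile's inline keys as missing. The config values, section names and function names are constructed for the example, and the validation is a simplification of the real credential chain.

```go
package main

import (
	"fmt"
	"strings"
)
// Constructed ~/.aws/config using the sso-session syntax (hypothetical values).
const sampleConfig = `[profile security-research]
sso_session = my-sso
sso_account_id = 111111111111
[sso-session my-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
`

// ParseAWSConfig maps section names ("profile X", "sso-session Y") to key/value pairs.
func ParseAWSConfig(s string) map[string]map[string]string {
	cfg, cur := map[string]map[string]string{}, ""
	for _, line := range strings.Split(s, "\n") {
		line = strings.TrimSpace(line)
		switch {
		case line == "" || line[0] == '#' || line[0] == ';':
		case line[0] == '[' && strings.HasSuffix(line, "]"):
			cur = strings.TrimSpace(line[1 : len(line)-1])
			cfg[cur] = map[string]string{}
		case cur != "":
			if k, v, ok := strings.Cut(line, "="); ok {
				cfg[cur][strings.TrimSpace(k)] = strings.TrimSpace(v)
			}
		}
	}
	return cfg
}

// ResolveSSO is a simplified model of the provider's SSO profile validation: a provider
// without sso-session support (AWS provider < 4.54.0) ignores sso_session, so it reports the inline keys as missing.
func ResolveSSO(cfg map[string]map[string]string, profile string, supportsSSOSession bool) error {
	p, ok := cfg["profile "+profile]
	if !ok {
		return fmt.Errorf("profile %q not found", profile)
	}
	src, label := p, fmt.Sprintf("profile %q", profile)
	if sess, ok := p["sso_session"]; ok && supportsSSOSession {
		src, label = cfg["sso-session "+sess], fmt.Sprintf("sso-session %q", sess) // nil map if undefined
	}
	if src["sso_start_url"] == "" || src["sso_region"] == "" {
		return fmt.Errorf("%s is configured to use SSO but is missing required configuration: sso_region, sso_start_url", label)
	}
	return nil
}
```

Run with supportsSSOSession=false the profile fails with the same message the PR quotes; with true it resolves through its sso-session section.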

@siigil (Contributor) left a comment

Looks good to me.

@christophetd christophetd merged commit 19909e7 into main Feb 11, 2025
4 checks passed
@christophetd christophetd deleted the fix-aws-sso-support branch February 11, 2025 14:26