What does this MR do?

PreviouslyUploadRoleARN was used to assume a role to upload files. However, there are a number of reasons to do this on the download as well:

• Faster transfers, as the AWS SDK v2 supports multipart downloads.
• Simplifies AWS workload identity support. Previously the eks.amazonaws.com/role-arn annotation would be needed on both the runner manager and the runner config.

Why was this MR needed?

Users found that whileUploadRoleARN increase CI cache uploads significantly, downloads took too long and timed out.

What's the best way to test this MR?

1. Following the instructions for setting up an S3 cache withUploadRoleARN inhttps://docs.gitlab.com/runner/configuration/advanced-configuration.html#enable-multipart-uploads-with-uploadrolearn, except create an AWS IAM role with permissions with boths3:PutObject ands3:GetObject.
2. SetRoleARN instead ofUploadRoleARN.
3. Run a CI job with a cache set.

What are the relevant issue numbers?

See#26921 (closed).