CDRIVER-6010 use ec2.assume_role for Azure KMS task (mongodb#2051)

Author: kevinAlbs

.evergreen/generated_configs/legacy-config.yml

@@ -16249,8 +16249,15 @@ task_groups:
 - name: testazurekms_task_group
   setup_group:
   - func: fetch-det
+  - command: ec2.assume_role
+    params:
+      role_arn: ${aws_test_secrets_role}
   - command: shell.exec
     params:
+      include_expansions_in_env:
+      - AWS_ACCESS_KEY_ID
+      - AWS_SECRET_ACCESS_KEY
+      - AWS_SESSION_TOKEN
       shell: bash
       script: |-
         set -o errexit

.evergreen/legacy_config_generator/evergreen_config_lib/testazurekms.py

@@ -18,8 +18,6 @@
 from collections import OrderedDict as OD
 from typing import MutableSequence
 
-from config_generator.components.funcs.find_cmake_latest import FindCMakeLatest
-
 from evergreen_config_generator.functions import shell_exec, func
 from evergreen_config_generator.tasks import NamedTask
 from evergreen_config_generator.variants import Variant
@@ -117,6 +115,13 @@ def _create_task_group():
     task_group.setup_group_timeout_secs = 1800  # 30 minutes
     task_group.setup_group = [
         func("fetch-det"),
+        # Assume role to get AWS secrets.
+        {
+            "command": "ec2.assume_role",
+            "params": {
+                "role_arn": "${aws_test_secrets_role}"
+            }
+        },
         shell_exec(
             r"""
             DRIVERS_TOOLS=$(pwd)/drivers-evergreen-tools
@@ -136,6 +141,7 @@ def _create_task_group():
             $DRIVERS_TOOLS/.evergreen/csfle/azurekms/create-and-setup-vm.sh
             """,
             test=False,
+            include_expansions_in_env=[ "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN" ]
         ),
         # Load the AZUREKMS_VMNAME expansion.
         OD(