  1. Container Tools
  2. RUN-4066

Create/Update GitHub Action Workflow with OIDC


    • Story
    • Resolution: Unresolved
    • 5
    • rhel-container-tools
    • RUN 284

       

      Summary: Implement the GitHub Actions workflow to authenticate via OIDC and replace the logic previously running in Cirrus.

      Description: Update the repository's .github/workflows to use the new authentication method. We will use the standard aws-actions/configure-aws-credentials action.

      • Tasks:
        1. Add permissions: id-token: write and contents: read to the workflow job.
        2. Insert the aws-actions/configure-aws-credentials step.
        3. Configure it to use the new Role ARN (ideally stored as a GitHub Secret or Repo Variable: AWS_ROLE_ARN).
        4. Run a test build (e.g., a "dry run" of Packer or the build script) to verify it can talk to AWS.

      Acceptance Criteria:

      • [ ] Workflow connects to AWS without an Access Key ID or Secret Access Key.
      • [ ] The "Get Caller Identity" or build step succeeds.
      • [ ] Pipeline output confirms the assumed role is the one created in Story 2.
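
      A workflow sketch covering the tasks and acceptance criteria above. It is an added example, not the project's own workflow. The workflow and job names, the manual trigger, the region, the session name, and the choice to store AWS_ROLE_ARN as a repo variable are assumptions, and it assumes the AWS CLI is present on the runner.

```yaml
# Added example: names, trigger and region below are assumptions.
name: oidc-aws-smoke-test

on:
  workflow_dispatch:

jobs:
  verify-oidc:
    runs-on: ubuntu-latest
    # Task 1: only the OIDC token and read access to the repository.
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4

      # Tasks 2 and 3: exchange the GitHub OIDC token for short-lived
      # role credentials. No access key or secret key is configured.
      - name: Assume role via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.AWS_ROLE_ARN }}
          role-session-name: gha-${{ github.run_id }}
          aws-region: us-east-1   # assumption: replace with the build region

      # Task 4 and the acceptance criteria: fail unless the caller is a
      # session of the expected role in the expected account.
      - name: Verify caller identity
        env:
          EXPECTED_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
        run: |
          set -euo pipefail
          # Credentials issued by STS carry a session token; static keys do not.
          test -n "${AWS_SESSION_TOKEN:-}"
          caller_arn="$(aws sts get-caller-identity --query Arn --output text)"
          echo "Caller: ${caller_arn}"
          # arn:aws:iam::<account>:role/<path>/<name> -> account id and role name
          expected_account="$(echo "${EXPECTED_ROLE_ARN}" | cut -d: -f5)"
          role_name="${EXPECTED_ROLE_ARN##*/}"
          case "${caller_arn}" in
            arn:aws*:sts::"${expected_account}":assumed-role/"${role_name}"/*)
              echo "Assumed the expected role" ;;
            *)
              echo "::error::Caller identity does not match AWS_ROLE_ARN"
              exit 1 ;;
          esac
```

      Pinning both actions to a full commit SHA instead of a tag keeps the job that holds id-token: write from picking up a changed action.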

              rh-ee-tizhou Tim Zhou
              bbaude@redhat.com Brent Baude