Harden simulator workflow with OIDC and SSM

[lola831]

Description

This PR updates the run_simulators workflow to use GitHub OIDC and AWS SSM instead of long-lived AWS access keys, SSH keys, and a GitHub access token. The workflow now assumes an AWS role with short-lived credentials, sends remote commands through SSM, and checks out the exact workflow commit by SHA.

Note: CARLA tests are still failing, but I reproduced the same failure manually on the EC2 instance outside of GitHub Actions/SSM. The logs point to a separate CARLA/UE4 memory/runtime issue, not the workflow security changes.

Issue Link

Checklist

• I have tested the changes locally via pytest and/or other means
• I have added or updated relevant documentation
• I have autoformatted the code with black and isort
• I have added test cases (if applicable)

Additional Notes

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.73%. Comparing base (d74f61c) to head (0225fe9).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #461      +/-   ##
==========================================
+ Coverage   89.64%   89.73%   +0.08%     
==========================================
  Files          48       48              
  Lines       13226    13226              
==========================================
+ Hits        11857    11868      +11     
+ Misses       1369     1358      -11     

see 4 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.