Support S3's Customer Managed Keys for Distributed Cache

Description

A GitLab Premium customer reports internally that default S3-SSE keys are not sufficient for them:

… custom KMS customer-managed key … is a requirement for our organization.

And note that

… Runner Manager instance IAM Instance Profile [already] allows decryption using that key

Proposal

Implement support for CMKs when Runners access the cache via S3.

Links to related issues and merge requests / references