Support update of AuthToken in ElastiCache ReplicationGroup

[gfrey]

Describe the bug
When changing the value of the K8s secret field referenced by the AuthToken object in the ReplicationGroup spec, this change should be picked up and applied to ElastiCache.

Steps to reproduce

1. Create a K8s secret with the original auth-token.
2. Create a replication group referencing the auth-token from the previous step.
3. Update the secret from step 1.

In the next reconciliation run, I'd expect the auth-token to be set in the replication group, but there is no such call happening.

Expected outcome
When a change to the value is detected, a ModifyReplicationGroup should be made, containing the new AuthToken value and the AuthTokenUpdateStrategy set to "ROTATE".

Ideally the ACK ReplicationGroup is added a retention period parameter for the old auth-token, that, once gone by, triggers a subsequent ModifyReplicationGroup call, with the AuthTokenUpdateStrategy set to "SET", to remove the old auth-token.