remote-compose v0.4.1 — CI-friendly no-state deploys

Bug-fix release. Two fixes that make rc deploy --no-build --no-state work
from a CI runner (GitHub Actions OIDC, assumed role, or any environment where
credentials come from the environment rather than a shared AWS config file).

Also realigns the version string, which had drifted across VERSION (0.2.0),
__version__ (0.3.0), and pyproject.toml (0.4.0) — all three now read 0.4.1.

Fixes

ECS provider

• Fall back to the default credential chain when aws_profile is absent.
  _default_session_factory passed profile_name straight to
  boto3.Session, so a configured aws_profile: default (common in rc.yml)
  raised ProfileNotFound anywhere there is no shared AWS config/credentials
  file — CI runners, OIDC, AWS_ACCESS_KEY_ID in the environment. It now tries
  the named profile and, on ProfileNotFound, falls back to the default boto3
  credential chain. Laptops with a real profile are unaffected.

• Force-roll services on --no-build no-state deploys. In no-state mode,
  _deploy_no_state only force-rolled services it had built and pushed. With
  --no-build (images built out of band — e.g. CodeBuild/CI) or a stack whose
  services declare no build context, nothing was pushed, so it rolled
  nothing while still printing Deploy complete — a silent no-op that left
  ECS on the old :latest. It now short-circuits when skip_build is set and
  force-rolls the requested services (or all), so ECS pulls the freshly-pushed
  image. This also skips ECR repo discovery, so --no-build no-state deploys
  need no ECR permissions.

Upgrade notes

No config or CLI changes. Existing rc deploy invocations behave the same; the
only behavioral change is that --no-build --no-state now actually rolls
services (previously a no-op) and tolerates env-only credentials.