Which role do I have to use for the Fargate tasks on AWS Batch?

It's job role. The Job role configuration field in the UI has this bulrb: "You can optionally specify an IAM role that provides the container in your job with permissions to use the AWS APIs. This feature uses Amazon ECS IAM roles for tasks functionality." That is what you want to use if you want to grant the process in your container access to, say, S3 (or any other AWS service).

The job execution role is assigned to the low level agent and it enables it to pull the container image from ECR, it enables it to read from Secrets Manager and pass the secrets to the containers as variable, and a few other low level infra things.