awslabs / tough

Rust libraries and tools for using and generating TUF repositories

use default provider chains for KMS and SSM #670

Closed bcressey closed 11 months ago

bcressey commented 11 months ago

Issue #, if available: Fixes #669

Description of changes: Wrap the credential provider in a provider chain which adds an outer refreshing cache provider. This is required for certain profiles to work, for example a profile that uses source_profile to fetch role credentials from a profile that uses credential_process, since the presence of a cache is assumed.

Do the same for the region provider, as the region may come from the environment or IMDS rather than being specified in the profile.

Testing done: With these changes, I was able to use the profile and command in the linked issue to add a key to root.json.

Terms of contribution: By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

bcressey commented 11 months ago

While I expect both changes are fine and match what users would expect, either could potentially be a breaking change since now region or creds could be taken from the environment or IMDS if the profile doesn't specify them. So I'd suggest bumping the crate versions for tough-kms and tough-ssm. I can do that here if that's easiest or otherwise it can be handled in the release workflow.

webern commented 11 months ago

> While I expect both changes are fine and match what users would expect, either could potentially be a breaking change since now region or creds could be taken from the environment or IMDS if the profile doesn't specify them. So I'd suggest bumping the crate versions for tough-kms and tough-ssm. I can do that here if that's easiest or otherwise it can be handled in the release workflow.

I think we normally bump these as part of the release process.