mitchellh / goamz

Golang Amazon Library

fix signing with Temporary Security Credentials #238

Closed MrGossett closed 9 years ago

MrGossett commented 9 years ago

When using Route 53, things were working perfectly when aws.GetAuth was passed credentials directly, or when it fell back to aws.SharedAuth or aws.EnvAuth. However, when I switched my app to using Temporary Security Credentials, aws.GetAuth would fall through to aws.getInstanceCredentials to get credentials for the instance's role. I kept getting the following error (whitespace added for readability):

Request failed, got status code: 403. Response:
<?xml version="1.0" ?>
<ErrorResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/">
    <Error>
        <Type>Sender</Type>
        <Code>InvalidClientTokenId</Code>
        <Message>The security token included in the request is invalid</Message>
    </Error>
    <RequestId>49ea8b24-c929-11e4-bdf8-2bd74b0c762c</RequestId>
</ErrorResponse>

It turns out that the requests were missing a header. Here's the relevant snippet from the docs:

If you are signing your request using temporary security credentials, you must include the corresponding security token in your request by adding the x-amz-security-token header.

So, if the aws.Auth struct has a non-nil Token, it should be added in an X-Amz-Security-Token header. With this change, I was able to use Temporary Security Credentials just fine.
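
Added example, not part of the comment above and not goamz's own code: the header handling this PR describes, in Go, assuming Route 53's AWS3-HTTPS scheme (HMAC-SHA256 over the Date header value). `Creds` and `SignHeaders` are hypothetical names, and the `ASIA` prefix guard goes beyond the PR as a local check that fails before the request can draw the 403 shown above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// Creds is a hypothetical stand-in for the library's aws.Auth struct.
type Creds struct {
	AccessKey, SecretKey, Token string
}

// SignHeaders returns the auth headers for one request. date is the value
// sent in the Date header, which is the string-to-sign under AWS3-HTTPS.
func SignHeaders(c Creds, date string) (http.Header, error) {
	// STS-issued access key IDs start with "ASIA"; without the session
	// token AWS answers 403 InvalidClientTokenId, so fail before sending.
	if strings.HasPrefix(c.AccessKey, "ASIA") && c.Token == "" {
		return nil, errors.New("temporary access key without session token")
	}
	mac := hmac.New(sha256.New, []byte(c.SecretKey))
	mac.Write([]byte(date))
	sig := base64.StdEncoding.EncodeToString(mac.Sum(nil))

	h := http.Header{}
	h.Set("Date", date)
	h.Set("X-Amzn-Authorization", fmt.Sprintf(
		"AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=HmacSHA256,Signature=%s",
		c.AccessKey, sig))
	// The token is not part of the signature; it travels as its own header.
	if c.Token != "" {
		h.Set("X-Amz-Security-Token", c.Token)
	}
	return h, nil
}

func main() {
	date := time.Now().UTC().Format(http.TimeFormat)
	// Constructed sample credentials, not real keys.
	h, err := SignHeaders(Creds{"ASIAEXAMPLEKEYID0000", "constructed-secret", "constructed-token"}, date)
	fmt.Println(h, err)
}
```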

MrGossett commented 9 years ago

@mitchellh @armon is there anything else you're looking for here before accepting this PR?

armon commented 9 years ago

Sorry, sometimes things fly under our radar.

MrGossett commented 9 years ago

No worries, @armon.

I'd be happy to help manage the PRs for this repo, if you could use a few extra hands...