Force dependence on boto3 credential providers

[Riebart]

Kludging a credential provider when they're provided out of the box is poor form.

Contains a fair number of whitespace-only change due to linting for style done via yapf automagic.

• Since this new method (and technically the old one too) allowed role/temporary credentials, the get_current_user() may have thrown, so this works around that.
• Removes all references to explicit credentials, and falls back to the standard AWS credential provider mechanism.
• Fixes a bug where the groups marker reference was to an undefined variable (caught in linting) when enumerating groups the user is part of.

[RajUmadas]

+1

[kieranharrigan]

👍