use vault agent token when wrap_ttl is set
If vault agent specifies wrap_ttl for the token, it is returned as a SecretWrapInfo struct marshalled into JSON instead of the normal raw token. This checks for that and pulls out the token if it is the case. Plus tests.
Fixes #1498
Refactored to have the initial client_set vault token and the tokens fetched by VaultAgentTokenQuery share the same SetToken code to check for the wrap_ttl JSON as well as the standard vault wrapping (which the VaultAgentTokenQuery didn't do before).
Going to let this sit overnight and look at it again tomorrow and probably add a couple more tests.
Current version breaks due to the double unwrap calls at startup, 1 from client_set.go and one from the VaultAgentTokenQuery dependency that gets kicked off at startup to monitor the vault agent token file for updates.
Either need to track the wrapped status of the current token, ignore unwrapping errors or somehow eliminate the duplication. More in the comments of #1498.
Superseded by #1645
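
Added example, not code from this pull request or the project: a sketch of one option raised in the thread, tracking the wrapped status of the current token so that two callers reading the same agent token file trigger a single unwrap. `tokenFromAgentFile`, `tokenState` and the `unwrap` callback are hypothetical names; only the `token` JSON key is taken from Vault's `api.SecretWrapInfo`, and the sample file contents are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"sync"
)

// tokenFromAgentFile (hypothetical) returns the token and whether it still needs unwrapping.
func tokenFromAgentFile(contents string) (string, bool) {
	raw := strings.TrimSpace(contents)
	var wi struct{ Token string `json:"token"` } // key used by api.SecretWrapInfo
	if err := json.Unmarshal([]byte(raw), &wi); err == nil && wi.Token != "" {
		return wi.Token, true
	}
	return raw, false // not wrap-info JSON: the file holds the raw token
}

// tokenState (hypothetical) remembers the last wrapping token it unwrapped.
type tokenState struct {
	mu                   sync.Mutex
	lastWrapped, current string
}

// set stores the usable token, calling unwrap at most once per wrapping token.
func (s *tokenState) set(contents string, unwrap func(string) (string, error)) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	tok, wrapped := tokenFromAgentFile(contents)
	if wrapped && tok != s.lastWrapped {
		unwrapped, err := unwrap(tok) // wrapping tokens are single-use
		if err != nil {
			return err
		}
		s.lastWrapped, s.current = tok, unwrapped
	} else if !wrapped {
		s.lastWrapped, s.current = "", tok
	}
	return nil // wrapped and already seen: keep the token unwrapped earlier
}

func main() {
	s := &tokenState{}
	fake := func(t string) (string, error) { return "real-" + t, nil } // stand-in for Vault
	err := s.set(`{"token":"wrap.EXAMPLE","ttl":300}`, fake)          // constructed sample
	fmt.Println(s.current, err)
}
```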