
Add support for Redshift IAM authentication #6479

Merged: 3 commits merged into master from roman/redshift on Apr 26, 2021

Conversation


@r0mant r0mant commented Apr 16, 2021

This PR adds support for AWS Redshift IAM authentication to database access.

Redshift supports IAM authentication, but not in the same way as RDS/Aurora. There is a separate API to request a Redshift IAM token, GetClusterCredentials. Other than that, Redshift speaks a Postgres-compatible protocol, so psql works as usual, at least in my tests.

Redshift requires one additional parameter in the config, the cluster ID, so users would configure it like this (and the database agent determines whether this is a Redshift database by the presence of this field):

db_service:
  enabled: "yes"
  databases:
  - name: "redshift"
    protocol: "postgres"
    uri: "redshift-cluster-1.xxx.us-east-1.redshift.amazonaws.com:5439"
    aws:
      region: "us-east-1"
      redshift:
        cluster_id: "redshift-cluster-1"

The actual logic to generate the Redshift auth token is actually very small and isolated in the same Auth interface that already generates tokens for RDS and Cloud SQL. But some extra related changes were required:

  • Automatic downloading of the Redshift CA, similar to how it was done for RDS, so users don't need to download the file themselves.
  • Better management of AWS sessions. Previously, we would just open one AWS session to the "current" region, which would cause issues if you had RDS/Aurora/Redshift databases in multiple regions. Now the database agent keeps sessions to each needed region depending on what kinds of databases it proxies.
  • I've also refactored the database service unit tests quite heavily to be able to test functionality with generating auth tokens and using them for authentication. It turned out pretty cool: I can now configure individual tests with any kind of database they need.

Fixes #6029 and needs backport to v6.
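The three design points in the description (Redshift detected by the presence of `cluster_id`, one AWS session per region instead of a single "current" region, and token generation hidden behind one Auth interface) can be shown together in a small stand-alone Go program. This is an added illustration, not Teleport's own code from this PR: the `Database`/`AWSConfig` structs mirror the YAML above, `Session` is a stand-in for an AWS SDK session, and `GetClusterCredentialsFunc` is a hypothetical hook standing in for the real Redshift `GetClusterCredentials` API call so the example runs offline with a fake.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// Database mirrors one entry under db_service.databases in the config above.
type Database struct {
	Name, Protocol, URI string
	AWS                 AWSConfig
}

// AWSConfig mirrors the "aws" block; Redshift.ClusterID maps to aws.redshift.cluster_id.
type AWSConfig struct {
	Region   string
	Redshift RedshiftConfig
}

type RedshiftConfig struct{ ClusterID string }

// IsRedshift applies the rule from the PR: a database is treated as Redshift
// when (and only when) a cluster ID is configured.
func (d Database) IsRedshift() bool { return d.AWS.Redshift.ClusterID != "" }

// Session is a stand-in for an AWS SDK session bound to a single region.
type Session struct{ Region string }

// SessionCache keeps one session per region, so proxying databases in several
// regions no longer depends on a single "current" region.
type SessionCache struct {
	mu       sync.Mutex
	sessions map[string]*Session
	opened   int
}

func NewSessionCache() *SessionCache { return &SessionCache{sessions: map[string]*Session{}} }

// Get returns the cached session for a region, opening one on first use.
func (c *SessionCache) Get(region string) (*Session, error) {
	if region == "" {
		return nil, errors.New("aws region is required to open a session")
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if s, ok := c.sessions[region]; ok {
		return s, nil
	}
	s := &Session{Region: region}
	c.sessions[region] = s
	c.opened++
	return s, nil
}

// Opened reports how many distinct sessions were created (useful for checks).
func (c *SessionCache) Opened() int { c.mu.Lock(); defer c.mu.Unlock(); return c.opened }

// ClusterCredentials is the temporary user/password pair a Redshift token request yields.
type ClusterCredentials struct{ DbUser, DbPassword string }

// GetClusterCredentialsFunc is a hypothetical hook standing in for the AWS
// Redshift GetClusterCredentials API call, so the program runs offline.
type GetClusterCredentialsFunc func(ctx context.Context, sess *Session, clusterID, dbUser, dbName string) (ClusterCredentials, error)

// Auth is the single place that turns a database definition into credentials.
type Auth struct {
	sessions *SessionCache
	redshift GetClusterCredentialsFunc
}

func NewAuth(cache *SessionCache, fn GetClusterCredentialsFunc) *Auth {
	return &Auth{sessions: cache, redshift: fn}
}

// GetAuthToken picks the session for the database's region and, for Redshift,
// requests cluster credentials for the given database user and name.
func (a *Auth) GetAuthToken(ctx context.Context, db Database, dbUser, dbName string) (ClusterCredentials, error) {
	sess, err := a.sessions.Get(db.AWS.Region)
	if err != nil {
		return ClusterCredentials{}, fmt.Errorf("database %q: %w", db.Name, err)
	}
	if db.IsRedshift() {
		return a.redshift(ctx, sess, db.AWS.Redshift.ClusterID, dbUser, dbName)
	}
	return ClusterCredentials{}, fmt.Errorf("database %q: RDS/Aurora token path not modelled in this example", db.Name)
}

// FakeClusterCredentials is a constructed stand-in for the real API: it returns
// a deterministic user/password so the flow can be exercised without AWS.
func FakeClusterCredentials(_ context.Context, sess *Session, clusterID, dbUser, dbName string) (ClusterCredentials, error) {
	if sess == nil || clusterID == "" {
		return ClusterCredentials{}, errors.New("session and cluster id are required")
	}
	return ClusterCredentials{
		DbUser:     "IAM:" + dbUser, // assumed prefix convention for this fake
		DbPassword: fmt.Sprintf("temp-%s-%s-%s", sess.Region, clusterID, dbName),
	}, nil
}

func main() {
	db := Database{Name: "redshift", Protocol: "postgres",
		URI: "redshift-cluster-1.xxx.us-east-1.redshift.amazonaws.com:5439",
		AWS: AWSConfig{Region: "us-east-1", Redshift: RedshiftConfig{ClusterID: "redshift-cluster-1"}}}
	auth := NewAuth(NewSessionCache(), FakeClusterCredentials)
	creds, err := auth.GetAuthToken(context.Background(), db, "alice", "dev")
	fmt.Println(creds.DbUser, err)
}
```

The fake credential function is where the real SDK call would go; everything else (detection rule, per-region cache, single Auth entry point) is the shape the PR description lays out.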

@r0mant r0mant added backport-required database-access Database access related issues and PRs labels Apr 16, 2021
@r0mant r0mant added this to the 6.2 "Buffalo" milestone Apr 16, 2021
@r0mant r0mant requested review from awly and fspmarshall April 16, 2021 00:28
@r0mant r0mant self-assigned this Apr 16, 2021

@fspmarshall fspmarshall left a comment


Added a couple minor nits. Looks good overall.


@russjones russjones left a comment


Bot.

@r0mant r0mant enabled auto-merge (squash) April 23, 2021 17:08
@r0mant r0mant merged commit a3d39e3 into master Apr 26, 2021
@r0mant r0mant deleted the roman/redshift branch April 26, 2021 18:53
Successfully merging this pull request may close these issues.

Investigate Redshift support for database access