* STS: add GetCallerIdentity support
Implement the AWS STS GetCallerIdentity action, which returns the
ARN, account ID, and user ID of the caller based on SigV4 authentication.
This is commonly used by AWS SDKs and CLI tools (e.g. `aws sts get-caller-identity`)
to verify credentials and determine the authenticated identity.
* test: remove trivial GetCallerIdentity tests
Remove the XML unmarshal test (we don't consume this response as input)
and the routing constant test (just asserts a literal equals itself).
* fix: route GetCallerIdentity through STS in UnifiedPostHandler and use stable UserId
- UnifiedPostHandler only dispatched actions starting with "AssumeRole" to STS,
so GetCallerIdentity in a POST body would fall through to the IAM path and
get AccessDenied for non-admin users. Add explicit check for GetCallerIdentity.
- Use identity.Name as UserId instead of credential.AccessKey, which is a
transient value and incorrect for STS assumed-role callers.
