Fixes #1371 which is important because IMDSv2 is the new security best practice and is starting to become required for compliance with SOC2 etc.

Also migrates from the deprecated and broken dep vendoring tool to go mod.

I have gone to great lengths to ensure that all package versions remain the same as they were under dep. All versions are as they used to be, except for aws-sdk-go, which I obviously had to upgrade slightly. go mod ignores transitive test dependencies, so there are a lot of deletions under vendor/, but these are only deletions of packages that are unnecessary for the build, with the obvious exception of awk-sdk-go and its dependencies.

Note that go.mod contains a replace statement to force the x/sys version to downgrade to the same version that was used under dep, to prevent go mod tidy from upgrading it. I don't know why go mod tidy wants to upgrade it, presumably some quirk of the minimum version selection algorithm when importing repos that lack a go.mod. This is the only package where I had to resort to any such shenanigans (the other replace statements were migrated from the previous setup.) It's probably pretty low risk to allow this package to upgrade, but I wanted to keep the versions completely consistent unless the maintainers of this repo would prefer otherwise.