
Force AWS IMDSv2 #55211

Open
dwj300 opened this issue Feb 21, 2025 · 1 comment

Comments

@dwj300
Member

dwj300 commented Feb 21, 2025

Describe the feature request
We're trying to move to AWS IMDS v2 (see https://aws.amazon.com/blogs/security/get-the-full-benefits-of-imdsv2-and-disable-imdsv1-across-your-aws-infrastructure/), but the current implementation has some fallback logic if we time out trying to get the token:

{"level":"debug","time":"2025-02-21T17:17:31.408249Z","msg":"error in getting aws token : Put \"http://169.254.169.254/latest/api/token\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"debug","time":"2025-02-21T17:17:31.408275Z","msg":"token is empty, will fallback to IMDSv1"}
{"level":"info","time":"2025-02-21T17:17:31.488832Z","msg":"platform detected is AWS"}

Ideally we could add an environment variable to force IMDSv2, that would be consumed here.

We can also consider just adding retries, since we're seeing that this is transient.

Describe alternatives you've considered

  1. Just disable IMDSv1 on the host. That will just break locality since we don't have any retries.

Affected product area (please put an X in all that apply)

[ ] Ambient
[ ] Docs
[ ] Dual Stack
[ ] Installation
[x] Networking
[ ] Performance and Scalability
[ ] Extensions and Telemetry
[ ] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastructure

Affected features (please put an X in all that apply)

[ ] Multi Cluster
[ ] Virtual Machine
[ ] Multi Control Plane

Additional context
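A sketch of the retry-plus-force behaviour proposed above, as an added example in Go; it is not Istio's code or a patch to it. The function names, the three-attempt linear backoff and the forceV2 switch (standing in for the proposed environment variable) are assumptions, and the servers used to check it are constructed.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"time"
)

// FetchIMDSv2Token PUTs to /latest/api/token, retrying transient failures with linear backoff. baseURL is the metadata root (http://169.254.169.254 on EC2).
func FetchIMDSv2Token(c *http.Client, baseURL string, attempts int, backoff time.Duration) (string, error) {
	var lastErr error
	for i := 1; i <= attempts; i++ {
		req, err := http.NewRequest(http.MethodPut, baseURL+"/latest/api/token", nil)
		if err != nil {
			return "", err
		}
		req.Header.Set("X-aws-ec2-metadata-token-ttl-seconds", "21600")
		resp, err := c.Do(req)
		if err == nil {
			body, readErr := io.ReadAll(resp.Body)
			resp.Body.Close()
			if readErr == nil && resp.StatusCode == http.StatusOK && len(body) > 0 {
				return string(body), nil
			}
			err = fmt.Errorf("token request returned status %d", resp.StatusCode)
		}
		lastErr = err // e.g. a client timeout, as in the debug log lines above
		time.Sleep(backoff * time.Duration(i)) // linear backoff before the next attempt
	}
	return "", lastErr
}

// ResolveTokenHeader returns the headers to attach to metadata requests. With forceV2 set (the hypothetical
// env-var switch) a missing token is an error instead of a silent downgrade to IMDSv1, which sends no token.
func ResolveTokenHeader(c *http.Client, baseURL string, forceV2 bool) (http.Header, error) {
	h := http.Header{}
	token, err := FetchIMDSv2Token(c, baseURL, 3, 50*time.Millisecond)
	if err != nil {
		if forceV2 {
			return nil, fmt.Errorf("IMDSv2 required but token fetch failed: %w", err)
		}
		return h, nil // IMDSv1 fallback: unauthenticated metadata request
	}
	h.Set("X-aws-ec2-metadata-token", token)
	return h, nil
}

func main() {
	c := &http.Client{Timeout: time.Second} // short timeout, like the Client.Timeout in the logs
	h, err := ResolveTokenHeader(c, "http://169.254.169.254", true)
	fmt.Println(h, err)
}
```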

@zirain
Member

zirain commented Feb 22, 2025

retry sounds good to me.
