google: Changes required to get AWS working in manual testing

• Subject Token needs to be query escaped
• Null options need to be omitted (like they are in other languages)

Change-Id: I67d1ed3ba96a35283a8928f196bc7e912084d1ab
GitHub-Last-Rev: 1aae076a90
GitHub-Pull-Request: golang/oauth2#474
Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/290513
Reviewed-by: Cody Oss <codyoss@google.com>
Trust: Cody Oss <codyoss@google.com>
Trust: Tyler Bui-Palsulich <tbp@google.com>
Run-TryBot: Cody Oss <codyoss@google.com>
TryBot-Result: Go Bot <gobot@golang.org>

google/internal/externalaccount/aws.go

@@ -16,6 +16,7 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
+	"net/url"
 	"os"
 	"path"
 	"sort"
@@ -334,7 +335,7 @@ func (cs awsCredentialSource) subjectToken() (string, error) {
 	if err != nil {
 		return "", err
 	}
-	return string(result), nil
+	return url.QueryEscape(string(result)), nil
 }
 
 func (cs *awsCredentialSource) getRegion() (string, error) {