Avoid extending IMDS credentials expiry unconditionally (#2694)

## Motivation and Context
Fixes https://github.com/awslabs/smithy-rs/issues/2687



## Description
The implementation for IMDS static stability support introduced a bug
where returned credentials from IMDS are extended unconditionally, even
though the credentials are not stale. The amount by which credentials
are extended is randomized and it can incorrectly extend the expiry
beyond what's originally set. IMDS produces credentials that last 6
hours, and extending them by at most 25 minutes usually won't be an
issue but when other tools such as Kube2iam and AWSVault are used, the
expiry can be set much shorter than that, causing the issue to occur.

This PR will conditionally extend the credentials' expiry only when the
returned credentials have been expired with respect to the current wall
clock time. Also, the constant values have been adjusted according to
our internal spec.

## Testing
- Added a new unit test for the IMDS credentials provider

## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._

---------

Co-authored-by: Yuki Saito <awsaito@amazon.com>