When an error is caught in vault_get, it only handles the 403 case.
If vault is currently in 503 (still sealed for example), it does nothing,
so the return fails with can't read "credential": no such variable.
This change allows vault_get to propagate instead the error:
"Vault returned HTTP/1.1 503 Service Unavailable, 200 OK was expected."