Propagate errors if we can't handle it in vault_get

Summary:
When an error is caught in vault_get, it only handles the 403 case.

If vault is currently in 503 (still sealed for example), it does nothing,
so the return fails with can't read "credential": no such variable.

This change allows vault_get to propagate instead the error:
"Vault returned HTTP/1.1 503 Service Unavailable, 200 OK was expected."

Test Plan: Tested on Wearg

Reviewers: dereckson

Reviewed By: dereckson

Differential Revision: https://devcentral.nasqueron.org/D3003