Sign cloud storage URLs

A Tulip API key is required to use the Tulip API. API key authentication uses HTTP Basic Authentication as defined by [RFC 7617](https://tools.ietf.org/html/rfc7617). HTTP Basic Authentication uses a generic username/password scheme to authenticate. For Tulip API requests, the password should be the API key's associated secret. The username should have the format `{type}.{version}_{id}`, where `{type}` is the API key type, `{version}` is the type's version number, and `{id}` is the id of the key. Tulip API keys currently are one of two types: * `apikey.2` - user API keys provisioned by creating a Tulip API Bot. The key id is the bot id. * `onetime.1` - temporary API keys provisioned using the `/auth/temporary` endpoint or using the [One-Time API Key page](https://templates.tulip.co/apiKey). These keys are only valid for 30 seconds after provisioning. Once you have determined the username and password you need to use, the `Authorization` header should be set to the value `Basic {credentials}`, where `{credentials}` is the base64-encoded value of the string `{username}:{password}`. See [RFC 7617](https://tools.ietf.org/html/rfc7617) for more details of this encoding.