storage backends should not fail if they cannot get single paths

[thomasmitchell]

This may require a pre-check job to run to determine if the target cannot be reached or authenticated to at all. This way, we don't have to rely on the ability to get individual credentials to be the failure test.

[thomasmitchell]

The current behavior keeps all the certificates from being found if just one path returns an error. This is because I don't want failure to cause all the certificates for that backend to disappear from storage entirely. Keeping things around longer than they are there, potentially, causes false positives, which seems preferable to the opposite.

[thomasmitchell]

The middle ground here might be considering it a total failure if a List operation can't be done, but treating failures on individual Gets as warnings.