StreamDecryptor._read_header() fails when source stream does not support tell() and seek()

[mattsb42-aws]

StreamDecryptor._read_header() currently assumes that the input stream supports tell() and seek() and uses these methods to rewind the input read after deserializing the header to feed into the header auth hash. If these methods are not supported (ex: for stdin), decryption will fail.

We cannot simply read the entire thing into memory, as we have no way of knowing how large the input stream will be. We cannot use a BufferedReader because we have no way of reasonably knowing how much we need to buffer (somewhere between ~600B and 8MB).

Proposed fix is to create internal.utils.TeeStream, based on internal.utils.ROStream, which will record all data which is read to an alternate stream. This alternate stream will then be read out after reading the header and the contents returned from internal.deserialize.deserialize_header along with the deserialized header.

[mattsb42-aws]

In fixing this, I also realized that the single-shot encrypt() and decrypt() calls both resulted in unchecked calls to stream_length, which caused errors in the event of non-seekable input streams. Rolling that fix into this.