Comment 13 for bug 1317293

Steven Hardy (shardy) wrote:

So, with those two patches, it should now be possible to use a trust-scoped token for all heat actions other than create.

To allow create to work we need to do one or more of:
- Always create a stack with the initial non-trust scoped token (even if it's empty)
- Implement explicit support for trust chaining in keystone (I'm looking into this)
- Add a field to the create body, which enables a pre-created trust_id to be passed in (this would require either Solum to create the trust instead of heat and pass it in, which seems conceptually messy but would probably work).