Mobile cloud service architecture
US-2015229638-A1 · Aug 13, 2015 · US
US9985953B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9985953-B2 |
| Application number | US-201414537789-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 10, 2014 |
| Priority date | Nov 10, 2014 |
| Publication date | May 29, 2018 |
| Grant date | May 29, 2018 |
Official abstract text for this publication.
A service provider system may include an application fulfillment platform that delivers desktop applications to desktops on physical computing devices or virtual desktop instances. A computing resource instance may be registered with the platform, which generates a unique identifier and a security token for the computing resource instance using multiple authentication mechanisms. An end user of a customer organization may be registered with the platform, which generates a unique identifier and a security token for the end user using multiple authentication mechanisms. An application delivery agent may submit service requests to the platform on behalf of itself or the given user. The identity and security credentials included in the requests may be dependent on the request type and the entities on whose behalf they are submitted. A proxy service on the platform may receive the requests and validate the credentials, then dispatch the requests to other services on the platform.
Opening claim text (preview).
What is claimed is:
1. A system, comprising: a plurality of computing nodes that collectively provide virtual computing services to one or more clients of a service provider, each of the computing nodes comprising at least one processor and a memory; and a virtualized computing resource instance executing on one of the computing nodes; wherein the virtualized computing resource instance implements a virtual desktop instance on behalf of a given end user that receives services from the service provider, and wherein an application delivery agent is installed on the virtual desktop instance; wherein one or more of the plurality of computing nodes implement an application fulfillment platform; wherein the application fulfillment platform is configured to: receive, from the application delivery agent, a request to register the virtual desktop instance with the application fulfillment platform as a device, wherein the request includes a device identity ticket; in response to the request to register the virtual desktop instance: validate the device identity ticket; generate a security token for the device; and return the security token for the device to the application delivery agent; receive, from the application delivery agent, a request to register the given end user with the application fulfillment platform, wherein the request includes a user identity ticket received from an active directory service; in response to the request to register the given end user: validate the user identity ticket; generate a security token for the given end user; and return the security token for the given end user to the application delivery agent; and receive, from the application delivery agent, a request for service, wherein the request for service includes the security token for the device or the security token for the given end user, and wherein the security token included in the request for service is dependent on the type of the service request or the entity on whose behalf the service request was submitted by the application delivery agent.
2. The system of claim 1, wherein the request was submitted by the application delivery agent on behalf of the application delivery agent; and wherein the request for service comprises an identifier of the device and the security token for the device.
3. The system of claim 1, wherein the request was submitted by the application delivery agent on behalf of the given end user; and wherein the request for service comprises an identifier of the given end user and the security token for the given end user.
4. The system of claim 1, wherein the application fulfillment platform comprises a plurality of control plane services, including a proxy service; wherein one or more of the request to register the virtual desktop instance, the request to register the end user, or the request for service is received by a proxy service; and wherein in response to receiving the request to register the virtual desktop instance, the request to register the end user, or the request for service, the proxy service is configured to: validate a security token included in the request; and dispatch the request to another one of the control plane services.
5. The system of claim 4, wherein the application fulfillment platform comprises an outbound queue from which the application delivery agent can retrieve notifications; wherein the other one of the control plane services is configured to: receive the dispatched request for service; process the dispatched request for service; and return a response for the dispatched request for service to the application delivery agent, wherein to return the response, the other one of the control plane services places a notification in the outbound queue for retrieval by the application delivery agent.
6. A method, comprising: performing, by one or more computers that implement an application fulfillment platform on resources of a service provider: receiving a service request from an application delivery agent that is installed on a computing resource instance of a given user in an organization that receives services from the service provider, wherein the service request comprises a security credential for the computing resource instance or a security credential for the given user; and in response to receiving the service request, validating a particular identity resource of a plurality of different identity resources using two or more authentication mechanisms, wherein the particular identity resource being validated is based on whether the service request was submitted by the application delivery agent on behalf of the computing resource instance or was submitted by the application delivery agent on behalf of the given user, and wherein individual ones of the different identity resources comprise: an identity of the computing resource instance and a security credential for the computing resource instance, or an identity of the given user and a security credential for the given user; and in response to validating the identity and the security credential for the computing resource instance of the given user or for the given user, processing the service request.
7. The method of claim 6, further comprising, prior to said receiving: generating the security credential for the computing resource instance of the given user; or generating the security credential for the given user.
8. The method of claim 7, wherein the method further comprises, prior to receiving the service request, receiving a request to register the computing resource instance with the application fulfillment service platform; and wherein said generating the security credential for the computing resource instance of the given user is performed in response to receiving the request to register the computing resource instance with the application fulfillment service platform.
9. The method of claim 7, wherein the method further comprises, prior to receiving the service request, receiving a request to register the given user with the application fulfillment service platform or an indication that the given user has logged into the computing resource instance; and wherein said generating the security credential for the given user is performed in response to receiving the request to register the given user with the application fulfillment service platform or the indication that the given user has logged into the computing resource instance.
10. The method of claim 7, wherein at least one of said generating the security credential for the computing resource instance of the given user or said generating the security credential for the given user comprises generating a temporary security token that expires after a pre-determined period of time; and wherein the method further comprises renewing the temporary security token in response to the temporary security token expiring.
11. The method of claim 7, wherein at least one of said generating the security credential for the computing resource instance of the given user or said generating the security credential for the given user comprises: receiving a security credential or unique resource identifier for the computing resource instance of the given user or for the given user that is of a different type than that of the security credential and that is not recognized by one or more control plane services implemented by the application fulfillment platform; reformatting the security credential or unique resource identifier for the computing resource instance of the given user or for the given user that is of the different type; and exchanging the reformatted security credential or uniqu
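The abstract and claims 1-10 describe a small credential protocol: the agent presents an issuer-signed identity ticket to register a device or a user, the platform mints its own per-principal security token, and a proxy service checks that each later request carries the token kind its request type demands before dispatching it. The following is an added example, not code from the patent or its assignee, that models that flow end to end. Everything concrete in it is assumed for illustration: HMAC-signed "body.signature" blobs stand in for the device identity ticket, the Active Directory user ticket and the platform's security tokens; the request types `list_apps` and `report_status`, the `FulfillmentPlatform`, `make_ticket` and `outcome` names, the sample application catalogue and the renewal rule are all invented here, since the patent text does not specify formats or endpoints.

```python
# Added example modelled on the abstract and claims 1-10; not the patent's code.
# Ticket/token format (body.hmac), request types and names are assumptions.
import base64, hashlib, hmac, json, secrets, time


class AuthError(Exception):
    """Raised by the platform when a ticket or security token does not validate."""


def _sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def _encode(payload):
    return base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()


def _verify(key, blob):
    """Split 'body.sig', compare the HMAC in constant time, return the decoded body."""
    body, _, sig = blob.rpartition(".")
    if not body or not hmac.compare_digest(_sign(key, body), sig):
        raise AuthError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body.encode()))


def make_ticket(issuer_key, kind, subject):
    """Constructed stand-in for the ticket issuers (device identity service, AD service)."""
    body = _encode({"kind": kind, "sub": subject})
    return f"{body}.{_sign(issuer_key, body)}"


def outcome(fn, *args, **kwargs):
    """Run a platform call and report ('ok', result) or ('denied', reason)."""
    try:
        return "ok", fn(*args, **kwargs)
    except AuthError as exc:
        return "denied", str(exc)


class FulfillmentPlatform:
    def __init__(self, device_issuer_key, ad_issuer_key, token_ttl=3600, now=time.time):
        self._ticket_keys = {"device": device_issuer_key, "user": ad_issuer_key}
        self._token_key = secrets.token_bytes(32)  # platform-only key for security tokens
        self._ttl, self._now = token_ttl, now
        self._registry = {}   # (kind, id) -> registration record
        self._outbound = []   # outbound queue the agent polls for notifications (claim 5)
        # Request type -> (token kind it must carry, handler): the credential a request
        # needs depends on the request type / who the agent acts for (claims 1-3).
        self._routes = {"list_apps": ("user", self._list_apps),
                        "report_status": ("device", self._report_status)}

    def _issue_token(self, kind, pid):
        # Temporary token that expires after a fixed period (claim 10).
        body = _encode({"kind": kind, "id": pid, "exp": int(self._now()) + self._ttl,
                        "nonce": secrets.token_hex(8)})
        return f"{body}.{_sign(self._token_key, body)}"

    def _register(self, kind, ticket):
        claims = _verify(self._ticket_keys[kind], ticket)  # mechanism 1: issuer signature
        if claims.get("kind") != kind:                      # mechanism 2: ticket type binding
            raise AuthError(f"expected a {kind} ticket")
        pid = f"{kind}-{secrets.token_hex(4)}"             # platform-generated unique id
        self._registry[(kind, pid)] = {"subject": claims["sub"]}
        return pid, self._issue_token(kind, pid)

    def register_device(self, device_ticket):
        return self._register("device", device_ticket)

    def register_user(self, user_ticket):
        return self._register("user", user_ticket)

    def _validate_token(self, token, kind):
        if not token:
            raise AuthError("missing security token")
        payload = _verify(self._token_key, token)
        if payload["kind"] != kind:
            raise AuthError(f"request needs a {kind} token, got {payload['kind']}")
        if (kind, payload["id"]) not in self._registry:
            raise AuthError("unregistered principal")
        if payload["exp"] <= self._now():
            raise AuthError("token expired")
        return payload

    def renew_token(self, expired_token):
        # Assumed renewal rule: a correctly signed (possibly expired) token for a still
        # registered principal is exchanged for a fresh one. The patent does not say how
        # renewal is authenticated; binding it to a fresh ticket would be stricter.
        payload = _verify(self._token_key, expired_token)
        if (payload["kind"], payload["id"]) not in self._registry:
            raise AuthError("unregistered principal")
        return self._issue_token(payload["kind"], payload["id"])

    def proxy(self, request):
        """Proxy service (claim 4): validate the credential, then dispatch to a handler."""
        route = self._routes.get(request.get("type"))
        if route is None:
            raise AuthError("unknown request type")
        kind, handler = route
        payload = self._validate_token(request.get("token"), kind)
        if payload["id"] != request.get("principal_id"):
            raise AuthError("token subject does not match the identifier in the request")
        result = handler(payload["id"], request)
        self._outbound.append({"type": request["type"], "principal": payload["id"], "result": result})
        return result

    def outbound_queue(self):
        return list(self._outbound)

    def _list_apps(self, user_id, request):
        return {"user": user_id, "apps": ["editor", "spreadsheet"]}  # constructed catalogue

    def _report_status(self, device_id, request):
        self._registry[("device", device_id)]["status"] = request.get("status")
        return {"device": device_id, "ack": True}
```

Two checks carry the security weight here. The proxy refuses a device token on a user-scoped request (and vice versa) because the route table, not the caller, decides which token kind is acceptable; and the identifier in the request must match the subject inside the validated token, so an agent cannot pair its own device token with another user's identifier. The `now` parameter exists only so that expiry and renewal can be exercised with a controlled clock.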
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
for accessing specific resources, e.g. using Kerberos tickets · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
for controlling access to devices or network resources · CPC title