HDDS-15590. Fix MINT presigned PUT failure when request includes unsigned x-amz-acl header

[Gargi-jais11]

What changes were proposed in this pull request?

MINT aws-sdk-ruby presignedPut fails because the test sends an unsigned x-amz-acl header on a presigned PUT URL. Ozone currently rejects this in StringToSignProducer#validateCanonicalHeaders(). Presigned PUT is implemented.

Fix: by allowing unsigned x-amz-acl.

Test failure link : https://ozone.s3.peterxcli.dev/?run=2026-06-16T07-50-35Z&caseSuite=mint&test=presignedPut%28bucket_name%2Cfile_name%29#latest-run-section

mint actual test case

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-15590

How was this patch tested?

Added unit test.

[ivandika3]

Thanks @Gargi-jais11 for this fix. Could you help to check the rule for excluding the signed headers from AWS S3 docs? I researched a bit, but could not find it. The AWS documentation link in the code seems obsolete. Seems x-amz-content-sha256 is special, but I can't find any docs for x-amz-acl. See https://docs.aws.amazon.com/AmazonS3/latest/developerguide/sigv4-auth-using-authorization-header.html

@hevinhsu Could you help take a look as well?

[hevinhsu]

Thanks @Gargi-jais11 for the fix.

I'll review the code as soon as possible.

Based on my earlier investigation
(#9294 (comment)), I couldn't find any AWS documentation suggesting that x-amz-acl should be treated as an exception during presigned URL validation.

MinIO appears to only validate x-amz-meta-* headers, which may explain why the request passes validation there.