blob/s3blob: Support S3 server side encryption headers for Write and Copy

[tristan-newmann]

Adds support to s3blob for setting AWS S3 server side encryption headers when making requests that require such headers. The additional settings can be specified with the ssetype and kmskeyid URL params, similar to the other configuration settings

Fixes #3337

Local testing

SDKv2

Bucket policy enforces KMS headers - none provided (effectively the issue described in #3337)
Expect: AccessDenied failure

Bucket policy enforces KMS headers - values provided
Expect: No errors. Object is uploaded

Bucket policy doesn't enforce KMS - no values provided
Expect: No errors. Object is uploaded

SDKv1

Bucket policy enforces KMS headers - none provided (effectively the issue described in #3337)
Expect: AccessDenied failure

Bucket policy enforces KMS headers - values provided
Expect: No errors. Object is uploaded

Bucket policy doesn't enforce KMS - no values provided
Expect: No errors. Object is uploaded

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[codecov]

Codecov Report

Attention: Patch coverage is 60.00000% with 16 lines in your changes are missing coverage. Please review.

Project coverage is 73.13%. Comparing base (6d5d289) to head (1cb7fd0).
Report is 19 commits behind head on master.

Files	Patch %	Lines
blob/s3blob/s3blob.go	60.00%	8 Missing and 8 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3340      +/-   ##
==========================================
- Coverage   77.47%   73.13%   -4.34%     
==========================================
  Files         104      113       +9     
  Lines       13933    14825     +892     
==========================================
+ Hits        10794    10843      +49     
- Misses       2378     3210     +832     
- Partials      761      772      +11     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tristan-newmann]

@vangent Thanks for the feedback! I implemented the requested changes. I left a couple unresolved since I wasn't sure if I did it exactly how you had in mind. This is ready for re-review

Let me know if I can force push to fix the CLA check, one of the commits has a slightly incorrect version of my email due to a local misconfiguration

[vangent]

Please go ahead and force-push and I'll re-review.

[tristan-newmann]

Ready for re-review

[tristan-newmann]

@vangent Sorry for the delay on this one, priorities forced my to put this aside for a moment, but I am back now. This is ready for re-review, and I re-did the smoke testing as well.

Unit tests pass

Redoing the smoke testing after the adjustments:

SDKv2

Bucket policy enforces KMS headers - none provided (effectively the issue described in #3337)

Expect: AccessDenied failure

Bucket policy enforces KMS headers - values provided

Expect: No errors. Object is uploaded

Bucket policy doesn't enforce KMS - no values provided

Expect: No errors. Object is uploaded

SDKv1

Bucket policy enforces KMS headers - none provided (effectively the issue described in #3337)

Expect: AccessDenied failure

Bucket policy enforces KMS headers - values provided

Expect: No errors. Object is uploaded

Bucket policy doesn't enforce KMS - no values provided

Expect: No errors. Object is uploaded