GetObject: invalid SSE headers are not handled properly

[evgeniiz321]

test_sse_kms_read_declare

invalid headers:

    sse_kms_client_headers = {
        "x-amz-server-side-encryption": "aws:kms",
        "x-amz-server-side-encryption-aws-kms-key-id": "testkey-1",
    }

It is expected to return error (400 Bad Request) in this case, but s3 gw returns an object without any problems. Seems like this headers are not parsed at all.

Same for test_sse_kms_not_declared where this invalid tag doesn't cause errors:

    sse_kms_client_headers = {
        "x-amz-server-side-encryption-aws-kms-key-id": "testkey-2"
    }

[smallhive]

Right now headers are not supported by the gate:

• x-amz-server-side-encryption
• x-amz-server-side-encryption-aws-kms-key-id

There are a pack of supported headers:

• x-amz-server-side-encryption-customer-algorithm - AES256 only
• x-amz-server-side-encryption-customer-key
• x-amz-server-side-encryption-customer-key-MD5

According to the docs

x-amz-server-side-encryption
The server-side encryption algorithm that was used when you store this object in Amazon S3 (for example, AES256, aws:kms, aws:kms:dsse).

we can try to add AES256 algo with x-amz-server-side-encryption as a similar implementation.

Also, according to docs

In AWS KMS, a symmetric encryption KMS key represents a 256-bit AES-GCM encryption key

we theoretically can try to add this implementation also, but we have to implement KMS service on our side.
It is required, because "x-amz-server-side-encryption-aws-kms-key-id" shows which key we should use for the encryption. Thus we have to manage them somehow

[roman-khimov]

We can add this to documentation, if it's not there already.

[roman-khimov]

Duplicates #193.