S3: add context aware action resolution (#7479)

* add context aware action resolution

* isAnonymous

* add s3 action resolver

* refactor

* correct action name

* no need for action copy object

* Simplify by removing the method-action mismatch path

* use PUT instead of DELETE action

* refactor

* constants

* versionId vs versions

* address comments

* comment

* adjust messages

* ResolveS3Action

* address comments

* refactor

* simplify

* more checks

* not needed

* simplify

This commit is contained in:
Chris Lu
2025-11-13 16:10:46 -08:00
committed by GitHub
parent 5b9a526310
commit 4e73cc778c
10 changed files with 807 additions and 271 deletions

@@ -610,7 +610,8 @@ func (s3a *S3ApiServer) AuthWithPublicRead(handler http.HandlerFunc, action Acti
// Check bucket policy for anonymous access using the policy engine
principal := "*" // Anonymous principal
allowed, evaluated, err := s3a.policyEngine.EvaluatePolicy(bucket, object, string(action), principal)
// Use context-aware policy evaluation to get the correct S3 action
allowed, evaluated, err := s3a.policyEngine.EvaluatePolicyWithContext(bucket, object, string(action), principal, r)
if err != nil {
// SECURITY: Fail-close on policy evaluation errors
// If we can't evaluate the policy, deny access rather than falling through to IAM
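Review bot: the new `EvaluatePolicyWithContext(bucket, object, string(action), principal, r)` call still forwards the caller-supplied `action` alongside the request `r` from which the context-aware S3 action is now resolved, and the hunk does not say which one wins when they disagree (the commit message mentions removing the "method-action mismatch path", so this is exactly the case a reader will ask about). Please state the precedence in the comment above the call, e.g. "the resolved action derived from r takes precedence; `action` is only a fallback", and add a test with an anonymous request whose HTTP method and query (for example a `versionId` parameter) resolve to a different S3 action than the one passed in, asserting that the policy is evaluated against the resolved action and that the fail-close branch below still denies on any resolution error.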