Fix STS AssumeRole with POST body param (#8320)

* Fix STS AssumeRole with POST body param and add integration test

* Add STS integration test to CI workflow

* Address code review feedback: fix HPP vulnerability and style issues

* Refactor: address code review feedback

- Fix HTTP Parameter Pollution vulnerability in UnifiedPostHandler
- Refactor permission check logic for better readability
- Extract test helpers to testutil/docker.go to reduce duplication
- Clean up imports and simplify context setting

* Add SigV4-style test variant for AssumeRole POST body routing

- Added ActionInBodyWithSigV4Style test case to validate real-world scenario
- Test confirms routing works correctly for AWS SigV4-signed requests
- Addresses code review feedback about testing with SigV4 signatures

* Fix: always set identity in context when non-nil

- Ensure UnifiedPostHandler always calls SetIdentityInContext when identity is non-nil
- Only call SetIdentityNameInContext when identity.Name is non-empty
- This ensures downstream handlers (embeddedIam.DoActions) always have access to identity
- Addresses potential issue where empty identity.Name would skip context setting
Chris Lu
2026-02-12 12:04:07 -08:00
committed by GitHub
parent 6bd6bba594
commit c1a9263e37
6 changed files with 692 additions and 16 deletions
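The commit message mentions fixing an HTTP Parameter Pollution issue in UnifiedPostHandler once AssumeRole started being routed on a POST body `Action`. The snippet below is an added example, not SeaweedFS's code: it assumes a hypothetical handler whose permission check reads `Action` from the query string while its dispatcher reads it through Go's `r.FormValue` (which merges body and query, body first), and shows a strict resolver that reads both sources separately and fails closed on duplicates or disagreement. The request builder and all request contents are constructed test input.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// ErrParameterPollution is returned when Action appears more than once,
// or in both the query string and the body with different values.
var ErrParameterPollution = errors.New("Action supplied more than once or in conflicting locations")

// ErrMissingAction is returned when neither location carries an Action.
var ErrMissingAction = errors.New("missing Action parameter")

// NewSTSRequest builds a form-encoded POST the way an STS client sends it.
// query and body are raw urlencoded strings (constructed test input).
func NewSTSRequest(query, body string) *http.Request {
	target := "/"
	if query != "" {
		target += "?" + query
	}
	r := httptest.NewRequest(http.MethodPost, target, strings.NewReader(body))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r
}

// NaiveRoute models the pollution-prone pattern (hypothetical, not the
// project's code): the permission check looks at the query string while the
// dispatcher uses r.FormValue. Go's ParseForm lists body parameters before
// query parameters in r.Form, so the two views can name different actions.
func NaiveRoute(r *http.Request) (checked, dispatched string) {
	checked = r.URL.Query().Get("Action") // what the permission check sees
	dispatched = r.FormValue("Action")    // what actually runs (body wins)
	return checked, dispatched
}

// ResolveAction reads the query string and the urlencoded body separately,
// never through the merged r.Form, and refuses any ambiguity so that every
// later consumer (authorization and dispatch alike) sees the same value.
func ResolveAction(r *http.Request) (string, error) {
	fromQuery := r.URL.Query()["Action"]

	var fromBody []string
	if r.Method == http.MethodPost &&
		strings.HasPrefix(r.Header.Get("Content-Type"), "application/x-www-form-urlencoded") {
		raw, err := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // cap the body we parse
		if err != nil {
			return "", fmt.Errorf("reading body: %w", err)
		}
		vals, err := url.ParseQuery(string(raw))
		if err != nil {
			return "", fmt.Errorf("parsing body: %w", err)
		}
		fromBody = vals["Action"]
	}

	// Repeated keys in either source are pollution, not a preference order.
	if len(fromQuery) > 1 || len(fromBody) > 1 {
		return "", ErrParameterPollution
	}
	switch {
	case len(fromQuery) == 1 && len(fromBody) == 1:
		if fromQuery[0] != fromBody[0] {
			return "", ErrParameterPollution
		}
		return fromQuery[0], nil
	case len(fromQuery) == 1:
		return fromQuery[0], nil
	case len(fromBody) == 1:
		return fromBody[0], nil
	}
	return "", ErrMissingAction
}

func main() {
	polluted := NewSTSRequest("Action=GetCallerIdentity", "Action=AssumeRole&RoleArn=arn:aws:iam::123456789012:role/demo")
	checked, dispatched := NaiveRoute(polluted)
	fmt.Printf("naive: checked %q but dispatched %q\n", checked, dispatched)

	_, err := ResolveAction(NewSTSRequest("Action=GetCallerIdentity", "Action=AssumeRole"))
	fmt.Println("strict:", err)
}
```

ResolveAction consumes the body, so a real handler would call it once and carry the result in the request context, which is also what makes the SigV4 case work: the signature covers both the canonical query string and the body hash, so a request whose two sources disagree is rejected before either copy can drive routing.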


@@ -116,6 +116,7 @@ const (
ErrTooManyRequest
ErrRequestBytesExceed
ErrServiceUnavailable
OwnershipControlsNotFoundError
ErrNoSuchTagSet
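Review bot: ErrServiceUnavailable is inserted into the middle of the const block, between ErrRequestBytesExceed and OwnershipControlsNotFoundError, rather than appended at the end; if this block assigns ErrorCode values with iota, every constant from OwnershipControlsNotFoundError onward is renumbered. That is harmless only as long as no ErrorCode value is persisted, logged numerically or compared across binaries; appending the new constant after the last entry of the block avoids having to verify that.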
@@ -512,6 +513,11 @@ var errorCodeResponse = map[ErrorCode]APIError{
Description: "Simultaneous request bytes exceed limitations",
HTTPStatusCode: http.StatusServiceUnavailable,
},
ErrServiceUnavailable: {
Code: "ServiceUnavailable",
Description: "Service Unavailable",
HTTPStatusCode: http.StatusServiceUnavailable,
},
OwnershipControlsNotFoundError: {
Code: "OwnershipControlsNotFoundError",
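Review bot: the Description "Service Unavailable" only restates the Code and tells a client nothing about why the request was refused, whereas the entry just above it ("Simultaneous request bytes exceed limitations") explains the condition; since both entries map to http.StatusServiceUnavailable, the description is the only thing that lets a caller tell them apart, so it should say what the AssumeRole path hit when it returns this code. The hunks shown here only define the code, so the PR description should point at the handler that returns it.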