re-use transport and set stronger backwards compatible Ciphers (#19565)

This PR fixes a few things

- FIPS support for missing for remote transports, causing
  MinIO could end up using non-FIPS Ciphers in FIPS mode

- Avoids too many transports, they all do the same thing
  to make connection pooling work properly re-use them.

- globalTCPOptions must be set before setting transport
  to make sure the client conn deadlines are honored properly.

- GCS warm tier must re-use our transport

- Re-enable trailing headers support.

cmd/warm-backend-minio.go

@@ -25,7 +25,6 @@ import (
 	"math"
 	"net/url"
 	"strings"
-	"time"
 
 	"github.com/minio/madmin-go/v3"
 	minio "github.com/minio/minio-go/v7"
@@ -108,14 +107,11 @@ func newWarmBackendMinIO(conf madmin.TierMinIO, tier string) (*warmBackendMinIO,
 	}
 
 	creds := credentials.NewStaticV4(conf.AccessKey, conf.SecretKey, "")
-
-	getRemoteTierTargetInstanceTransportOnce.Do(func() {
-		getRemoteTierTargetInstanceTransport = NewHTTPTransportWithTimeout(10 * time.Minute)
-	})
 	opts := &minio.Options{
-		Creds:     creds,
-		Secure:    u.Scheme == "https",
-		Transport: getRemoteTierTargetInstanceTransport,
+		Creds:           creds,
+		Secure:          u.Scheme == "https",
+		Transport:       globalRemoteTargetTransport,
+		TrailingHeaders: true,
 	}
 	client, err := minio.New(u.Host, opts)
 	if err != nil {