do not check for query params to be signed headers (#18283)

x-amz-signed-headers is meant for HTTP headers only
not for query params, using that to verify things
further can lead to failure.

The generated presigned URL with custom metadata
is already kosher (tamper proof).

fixes #18281

cmd/signature-v4-utils.go

@@ -273,15 +273,5 @@ func checkMetaHeaders(signedHeadersMap http.Header, r *http.Request) APIErrorCod
 		}
 	}
 
-	// check values from url, if no http header
-	for k, val := range r.Form {
-		if stringsHasPrefixFold(k, "x-amz-meta-") {
-			if signedHeadersMap.Get(http.CanonicalHeaderKey(k)) == val[0] {
-				continue
-			}
-			return ErrUnsignedHeaders
-		}
-	}
-
 	return ErrNone
 }