fix: support IAM policy handling for wildcard actions (#11530)

This PR fixes

- allow 's3:versionid` as a valid conditional for
  Get,Put,Tags,Object locking APIs
- allow additional headers missing for object APIs
- allow wildcard based action matching

pkg/bucket/policy/condition/key.go

@@ -124,6 +124,7 @@ var AllSupportedKeys = append([]Key{
 	S3Prefix,
 	S3Delimiter,
 	S3MaxKeys,
+	S3VersionID,
 	S3ObjectLockRemainingRetentionDays,
 	S3ObjectLockMode,
 	S3ObjectLockLegalHold,
@@ -143,6 +144,8 @@ var AllSupportedKeys = append([]Key{
 
 // CommonKeys - is list of all common condition keys.
 var CommonKeys = append([]Key{
+	S3XAmzContentSha256,
+	S3LocationConstraint,
 	AWSReferer,
 	AWSSourceIP,
 	AWSUserAgent,
@@ -152,7 +155,6 @@ var CommonKeys = append([]Key{
 	AWSPrincipalType,
 	AWSUserID,
 	AWSUsername,
-	S3XAmzContentSha256,
 	LDAPUser,
 }, JWTKeys...)
 
@@ -241,6 +243,13 @@ func (set KeySet) Add(key Key) {
 	set[key] = struct{}{}
 }
 
+// Merge merges two key sets, duplicates are overwritten
+func (set KeySet) Merge(mset KeySet) {
+	for k, v := range mset {
+		set[k] = v
+	}
+}
+
 // Difference - returns a key set contains difference of two keys.
 // Example:
 //     keySet1 := ["one", "two", "three"]