Parse and return proper errors with x-amz-security-token (#6766)

This PR also simplifies the token and access key validation
across our signature handling.

cmd/api-errors.go

@@ -150,6 +150,9 @@ const (
 	ErrKMSNotConfigured
 	ErrKMSAuthFailure
 
+	ErrNoAccessKey
+	ErrInvalidToken
+
 	// Bucket notification related errors.
 	ErrEventNotification
 	ErrARNNotification
@@ -806,6 +809,16 @@ var errorCodeResponse = map[APIErrorCode]APIError{
 		Description:    "Server side encryption specified but KMS authorization failed",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrNoAccessKey: {
+		Code:           "AccessDenied",
+		Description:    "No AWSAccessKey was presented",
+		HTTPStatusCode: http.StatusForbidden,
+	},
+	ErrInvalidToken: {
+		Code:           "InvalidTokenId",
+		Description:    "The security token included in the request is invalid",
+		HTTPStatusCode: http.StatusForbidden,
+	},
 
 	/// S3 extensions.
 	ErrContentSHA256Mismatch: {