Make sure to filter out internal metadata (#5601)

Currently we reply back `X-Minio-Internal` values
back to the client for an encrypted object, we should
filter these out and only reply AWS compatible headers.

cmd/api-headers.go

@@ -89,6 +89,11 @@ func setObjectHeaders(w http.ResponseWriter, objInfo ObjectInfo, contentRange *h
 
 	// Set all other user defined metadata.
 	for k, v := range objInfo.UserDefined {
+		if hasPrefix(k, ReservedMetadataPrefix) {
+			// Do not need to send any internal metadata
+			// values to client.
+			continue
+		}
 		w.Header().Set(k, v)
 	}