Remove attach of bearer token when bucket owner is not an issuer of the bearer token

[masterSplinter01]

The test_object_copy_canned_acl test still not passing because main_wallet creates a private container in tests and alt_wallet can't get-object from private container, even the object was put with public-read acl.

I tried to make main-wallet create public-read container and the test began to pass.

I suggest to fix the test and place it in test_s3_neofs.py.

Closes #459

[masterSplinter01]

It seems like the field is not used, also we have versionID in ObjectInfo field

[KirillovDenis]

It seems we can adopt #485

[alexvanin]

I would like to rebase tree-service branch after this PR. Adopt it in separate PR.

[alexvanin]

I messed up with the branches. Both SDK update and this PR were into master branch, so we could adopt it. For some reason I thought this PR has tree-service target.

I pushed 4ed9397 into master branch.

[KirillovDenis]

I suppose we can keep the old getParams fields. And extend GetObjectParams by bktInfo and pass it (bktInfo) as the second parameter to n.initObjectPayloadReader function

[masterSplinter01]

I don't see huge difference between these solutions.

I suggested to make getParams keeping *data.ObjectInfo because in all usages (in both master and tree-service) we extract oid and cid from objectInfo anyway, so we can easily put objectInfo into getParams and pass all necessary information inside getParams what looks a little clearer than passing getParams with cid and bktInfo to n.initObjectPayloadReader.

[KirillovDenis]

Ok. Let's extend getParams.
The main point was using bktinfo somehow to avoid:

	// should be taken from cache
	bktInfo, err := n.GetBucketInfo(ctx, p.objInfo.Bucket)
	if err != nil {
		return nil, err
	}

in n.initObjectPayloadReader function

[masterSplinter01]

Removed this with dragging of bktInfo through params. Added a separated commit to make it easier to view changes, will squash it later

[KirillovDenis]

Please fix tests

[alexvanin]

can't get-object from private container, even the object was put with public-read acl.

I suggest to fix the test and place it in test_s3_neofs.py.

It's more like new S3 issue to fix object ACLs, isn't it?

1. main_wallet creates private container -- extended ACL with 7 deny rules for target OTHER
2. main_wallet sets public read acl for the object -- extended ACL has one more additional allow rule to this object for target OTHER, it is a first rule in the table
3. alt_wallet tries to get object -- without bearer token NeoFS node applies container EACL to request => first rule allows to get object.

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@2ca4dbb). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master     #487   +/-   ##
=========================================
  Coverage          ?   27.92%           
=========================================
  Files             ?       46           
  Lines             ?     5454           
  Branches          ?        0           
=========================================
  Hits              ?     1523           
  Misses            ?     3729           
  Partials          ?      202           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2ca4dbb...2469291. Read the comment docs.

[alexvanin]

can't get-object from private container, even the object was put with public-read acl.
I suggest to fix the test and place it in test_s3_neofs.py.

It's more like new S3 issue to fix object ACLs, isn't it?

1. `main_wallet` creates private container -- extended ACL with 7 `deny` rules for target `OTHER`

2. `main_wallet` sets public read acl for the object -- extended ACL has one more additional `allow` rule to this object for target `OTHER`, it is a first rule in the table

3. `alt_wallet` tries to get object -- without bearer token NeoFS node applies container EACL to request => first rule allows to get object.

As @masterSplinter01 mentioned, we got access deny error because of search request. Which is fair enough, because we do search in the bucket. tree-service branch avoids extra search, so maybe the issue should be gone. Let's investigate that and fix per object public ACL in private containers.