Bug
Resolution: Unresolved
Critical
None
odf-4.16
Description of problem (please be as detailed as possible and provide log
snippets):
------------------------------------------------------------------------------
While testing bucket policies on non-containerized NSFS, I noticed that I generally couldn’t deny a bucket owner account from accessing his own buckets.
For example:
```
$ my_s3 mb s3://my-bucket --region=us-east-2
$ my_s3 cp denied_test_obj s3://my-bucket/
$ my_s3api put-bucket-policy --bucket my-bucket --policy '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Principal": { "AWS": "*" },
      "Resource": "arn:aws:s3:::my-bucket/denied_test_obj"
    }
  ]
}'
$ my_s3 cp s3://my-bucket/denied_test_obj ~/Downloads/
download: s3://my-bucket/denied_test_obj to ../../../../Users/shirshfe/Downloads/denied_test_obj
```
Notice that the last cp operation above has not been denied as expected.
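The expected decision for the request above, as an added example that is not part of the bug report or of NooBaa's own policy code: a small evaluator that models the documented S3 bucket-policy rule (an explicit Deny matching the principal, action and resource wins over everything, including the bucket owner's default access; without a matching statement the owner keeps access and other accounts are implicitly denied). It handles only Effect, Action, Principal and Resource; Condition, NotPrincipal, NotAction and NotResource are not modeled. The caller ARNs are hypothetical, and the policy is the one from the report.

```python
import fnmatch
from typing import Any, Dict, List

# Constructed sample: the policy statement the bug report applies to my-bucket.
DENY_POLICY: Dict[str, Any] = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Principal": {"AWS": "*"},
            "Resource": "arn:aws:s3:::my-bucket/denied_test_obj",
        }
    ],
}

# Hypothetical ARNs for the bucket-owning account and an unrelated account.
OWNER_ARN = "arn:aws:iam::111111111111:root"
OTHER_ARN = "arn:aws:iam::222222222222:root"


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def _principal_matches(principal: Any, caller_arn: str) -> bool:
    """True if the statement's Principal names the caller ("*" names everyone)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" or p == caller_arn for p in _as_list(principal.get("AWS", [])))
    return False


def _action_matches(patterns: Any, action: str) -> bool:
    # S3 action names are matched case-insensitively.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns: Any, resource_arn: str) -> bool:
    # Resource ARNs are matched case-sensitively, with * and ? wildcards.
    return any(fnmatch.fnmatchcase(resource_arn, p) for p in _as_list(patterns))


def evaluate(policy: Dict[str, Any], caller_arn: str, action: str,
             resource_arn: str, caller_is_owner: bool) -> str:
    """Return "Allow" or "Deny" for one request.

    Explicit Deny is final and applies to the bucket owner too; an explicit
    Allow grants; with no matching statement the owner falls back to its
    default access and everyone else is implicitly denied.
    """
    decision = "Allow" if caller_is_owner else "Deny"
    for stmt in _as_list(policy.get("Statement", [])):
        if not _principal_matches(stmt.get("Principal"), caller_arn):
            continue
        if not _action_matches(stmt.get("Action", []), action):
            continue
        if not _resource_matches(stmt.get("Resource", []), resource_arn):
            continue
        if stmt.get("Effect") == "Deny":
            return "Deny"  # no later statement can override an explicit deny
        if stmt.get("Effect") == "Allow":
            decision = "Allow"
    return decision


def owner_download_denied_object() -> str:
    """The exact request from the report: the owner fetching denied_test_obj."""
    return evaluate(DENY_POLICY, OWNER_ARN, "s3:GetObject",
                    "arn:aws:s3:::my-bucket/denied_test_obj", caller_is_owner=True)


def owner_download_other_object() -> str:
    return evaluate(DENY_POLICY, OWNER_ARN, "s3:GetObject",
                    "arn:aws:s3:::my-bucket/other_obj", caller_is_owner=True)


def stranger_download_other_object() -> str:
    return evaluate(DENY_POLICY, OTHER_ARN, "s3:GetObject",
                    "arn:aws:s3:::my-bucket/other_obj", caller_is_owner=False)


if __name__ == "__main__":
    print("owner / denied_test_obj :", owner_download_denied_object())    # Deny (403 expected)
    print("owner / other_obj       :", owner_download_other_object())     # Allow
    print("stranger / other_obj    :", stranger_download_other_object())  # Deny
```

The first call is the report's scenario and must come out as Deny; an endpoint that answers Allow there, as the non-containerized NSFS run above does, treats bucket ownership as exempt from explicit Deny, which makes any owner-scoped lockdown in a bucket policy ineffective. A practical check after applying such a policy is to exercise it with the owner's credentials, not only with a second account.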
Version of all relevant components (if applicable):
------------------------------------------------------------------------------
noobaa-core-5.17.0-20240511.el9.x86_64.rpm
Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
------------------------------------------------------------------------------
On AWS S3 and MCG, in the context of ODF, it should be possible to deny a bucket owner access to his own buckets.
As for a use case, an admin might want to limit another account's access even to their own buckets.
Is there any workaround available to the best of your knowledge?
------------------------------------------------------------------------------
No
Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
------------------------------------------------------------------------------
1
Is this issue reproducible?
------------------------------------------------------------------------------
Yes, but only on non-containerized NSFS. Attempting the above on MCG in the context of ODF results in the expected denial.
Can this issue be reproduced from the UI?
------------------------------------------------------------------------------
N/A
If this is a regression, please provide more details to justify this:
------------------------------------------------------------------------------
Probably not - it hasn't been tested before
Steps to Reproduce:
------------------------------------------------------------------------------
1. Install non-containerized NSFS on a remote CentOS 9 machine
2. Create an account using the noobaa API while saving the access_key and secret_key
3. Set the credentials and the endpoint to an S3 alias on your local machine
4. Run the bash commands in the description
Actual results:
------------------------------------------------------------------------------
The account that owns the bucket manages to download denied_test_obj, even though we applied a policy that denies all principals from accessing it.
Expected results:
------------------------------------------------------------------------------
The attempt should fail with the same error it would on MCG in the context of ODF:
```
fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden
```
Additional info:
------------------------------------------------------------------------------
Attaching the NSFS service logs in a follow-up comment
Links to: RHBA-2024:138027 Red Hat OpenShift Data Foundation 4.18 security, enhancement & bug fix update