feat: add S3 object annotation IAM actions and condition key

[harshavardhana]

Adds the IAM actions for the S3 object annotation APIs and the condition key needed to gate them.

• Actions: s3:PutObjectAnnotation, s3:GetObjectAnnotation, s3:DeleteObjectAnnotation, s3:ListObjectAnnotations
• New condition key: s3:x-amz-object-if-match (added to AllSupportedKeys)
• Registered in SupportedActions, SupportedObjectActions, and the action condition-key map (s3:versionid, s3:ExistingObjectTag, s3:x-amz-object-if-match per AWS authorization reference)

Summary by CodeRabbit

• New Features
  • Added support for four new S3 actions for object annotations: Put Object Annotation, Get Object Annotation, Delete Object Annotation, and List Object Annotations.
  • Added support for the x-amz-object-if-match condition key for optimistic concurrency control in annotation operations.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 3ac00b79-cc40-4230-99ed-8e6c8dedbae3

📥 Commits

Reviewing files that changed from the base of the PR and between 4d6cf68 and 55c8e80.

📒 Files selected for processing (2)

• policy/action.go
• policy/condition/keyname.go

---

📝 Walkthrough

Walkthrough

Adds four S3 object annotation action constants (PutObjectAnnotation, GetObjectAnnotation, DeleteObjectAnnotation, ListObjectAnnotations) to the policy package, registers them in SupportedActions and SupportedObjectActions, maps them to IAM condition keys in createActionConditionKeyMap, and introduces a new S3XAmzObjectIfMatch condition key constant added to AllSupportedKeys.

Changes

S3 Object Annotation Policy Support

Layer / File(s)	Summary
New S3XAmzObjectIfMatch condition key policy/condition/keyname.go	Adds S3XAmzObjectIfMatch KeyName = "s3:x-amz-object-if-match" constant and appends it to AllSupportedKeys.
Object annotation actions, registries, and IAM condition key mappings policy/action.go	Defines four exported Action constants for put/get/delete/list object annotations, registers them in SupportedActions and SupportedObjectActions, and extends createActionConditionKeyMap with per-action condition key sets for each new annotation action.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hop, hop, a new key appears,
x-amz-object-if-match cheers!
Four actions join the S3 fold,
Annotations put, get, list, and bold.
The policy map grows, neat and right —
This bunny stamps it: looks alright! ✅

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately summarizes the main changes: adding S3 object annotation IAM actions and a condition key, which directly matches the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}