UNSIGNED-PAYLOAD is not handled properly by the proxy

The proxy disables "payload signing" if the content hash equals UNSIGNED-PAYLOAD: https://github.com/trinodb/aws-proxy/blob/a00969b9025a48d679425dd7065c08c9ebc17afa/trino-aws-proxy/src/main/java/io/trino/aws/proxy/server/signing/Signer.java#L136-L138

That method's Javadoc states:

Enables payload signing for all situations on clients built via this builder.

Payload signing is optional when chunked encoding is not used and requests are made against an HTTPS endpoint. Under these conditions the client will by default opt to not sign payloads to optimize performance. If this flag is set to true the client will instead always sign payloads.

Note: Payload signing can be expensive, particularly if transferring large payloads in a single chunk. Enabling this option will result in a performance penalty.

However, this appears to be messing with UNSIGNED-PAYLOAD requests as it does not appear to be designed for that use case. From the docs I imagine disabling payload signing may be resulting in UNSIGNED-PAYLOAD not being added to the canonical request, thus making signature verification fail.

In any case, I believe we can safely always enable payload signing, since we never recompute the hash of the payload and instead reuse the value of X-amz-content-sha256: https://github.com/trinodb/aws-proxy/blob/a00969b9025a48d679425dd7065c08c9ebc17afa/trino-aws-proxy/src/main/java/io/trino/aws/proxy/server/signing/Signer.java#L140-L146

For incoming requests:
- This is safe since we validate the hash / aws-chunked signature of all incoming requests as we read them
- It is performant, as we do not re-read the payload, there is no hash being computed again
For outgoing requests:
- We use UNSIGNED-PAYLOAD, so there is no content to be read or hash to be computed

trinodb / aws-proxy

UNSIGNED-PAYLOAD is not handled properly by the proxy #133