
Cloud storage attachment - support signed "Anonymous" requests

Open jlwhelan28 opened this issue 10 months ago • 0 comments

Actions before raising this issue

  • [X] I searched the existing issues and did not find anything similar.
  • [X] I read/searched the docs

Is your feature request related to a problem? Please describe.

I have CVAT deployed to an AWS EC2 instance and am attempting to connect an S3 bucket as cloud storage. However, I have the following environment restrictions:

  • Public access must be blocked
  • I cannot create IAM users

When attempting to connect the bucket via "Anonymous Access", I receive a 400 (403 returned by boto3). This is because request signing to S3 is explicitly disabled when not providing IAM user credentials here: https://github.com/cvat-ai/cvat/blob/70a7cc0944ea1684defce29687d56529f7a24455/cvat/apps/engine/cloud_provider.py#L410-L414

Reproducing the boto3 calls made in cloud_provider.py WITHOUT signing removed, I can access my bucket as the instance profile attached to the EC2 allows access to the bucket.

From my VM this works:

boto3.client("s3", region_name="<region>").head_bucket(Bucket="cvat-dev-shared-data")

But this returns 403:

boto3.client("s3", region_name="<region>", config=botocore.config.Config(signature_version=botocore.UNSIGNED)).head_bucket(Bucket="cvat-dev-shared-data")

Describe the solution you'd like

A toggle option in the "Attach Cloud Storage" menu that would preserve request signing for a "Semi-Anonymous" request. If removing the signature does not actually add anything of value for the standard "Anonymous Request" pattern, maybe it could be removed altogether.

Describe alternatives you've considered

I believe my only alternative is to modify the source code and build the cvat_server image myself, which I would prefer to avoid as it makes upgrades more tedious.

Additional context

No response

jlwhelan28, Apr 05 '24 19:04
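The toggle requested in the issue above, as an added example that is not CVAT's code and not from the issue author: it separates truly unsigned access from signed access through boto3's default credential chain (such as an EC2 instance profile). `AuthMode`, `resolve_auth_mode`, `require_allowed_bucket`, `make_s3_client`, the `use_ambient` flag and the bucket allow-list are hypothetical names; the allow-list is an assumed safeguard, since ambient credentials belong to the server rather than to the user attaching the storage.

```python
from enum import Enum


class AuthMode(Enum):
    STATIC_KEYS = "static_keys"  # explicit IAM user key pair
    AMBIENT = "ambient"          # boto3 default chain (e.g. instance profile), signed
    UNSIGNED = "unsigned"        # no signature; only public buckets will answer


def resolve_auth_mode(access_key=None, secret_key=None, use_ambient=False):
    """Decide how requests are authenticated; `use_ambient` is the hypothetical toggle."""
    if bool(access_key) != bool(secret_key):
        raise ValueError("access key and secret key must be supplied together")
    if access_key:
        return AuthMode.STATIC_KEYS
    return AuthMode.AMBIENT if use_ambient else AuthMode.UNSIGNED


def require_allowed_bucket(bucket, allowed_buckets):
    """Assumed safeguard: only operator-approved buckets may be reached with the
    server's own (ambient) credentials."""
    if bucket not in allowed_buckets:
        raise PermissionError(f"bucket {bucket!r} is not approved for ambient credentials")


def make_s3_client(region, bucket, access_key=None, secret_key=None,
                   use_ambient=False, allowed_buckets=frozenset()):
    # Imported here so the decision logic above can be exercised without boto3.
    import boto3
    from botocore import UNSIGNED
    from botocore.config import Config

    mode = resolve_auth_mode(access_key, secret_key, use_ambient)
    kwargs = {"region_name": region}
    if mode is AuthMode.STATIC_KEYS:
        kwargs.update(aws_access_key_id=access_key, aws_secret_access_key=secret_key)
    elif mode is AuthMode.UNSIGNED:
        # Same construction as the failing call in the issue: signing disabled.
        kwargs["config"] = Config(signature_version=UNSIGNED)
    else:
        # No keys and no UNSIGNED config: boto3 resolves credentials through its
        # default chain and signs the request, as in the working call in the issue.
        require_allowed_bucket(bucket, allowed_buckets)
    return boto3.client("s3", **kwargs)
```
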