P3: Bucket Policy implementation complete

- BucketPolicy struct with Version + Statement array
- PolicyStatement: Effect, Principal, Action, Resource, Condition
- Principal matching (wildcard + user-specific)
- Action/Resource pattern matching with wildcards
- GetBucketPolicy: GET /s3/policy/:bucket
- PutBucketPolicy: PUT /s3/policy/:bucket
- DeleteBucketPolicy: DELETE /s3/policy/:bucket
- Policy persistence to data/s3_policies/:bucket/policy.json
- check_bucket_policy() for authorization
- 6 unit tests

Tests: 299 passed, 0 failed

markbase-core/src/server.rs

@@ -251,6 +251,10 @@ pub async fn run(port: u16, file: Option<String>) -> anyhow::Result<()> {
         .route("/s3/multipart/:bucket/*key/part", put(crate::s3::upload_part))
         .route("/s3/multipart/:bucket/*key/complete", post(crate::s3::complete_multipart_upload))
         .route("/s3/multipart/:bucket/*key/abort", delete(crate::s3::abort_multipart_upload))
+        // Bucket policy endpoints
+        .route("/s3/policy/:bucket", get(crate::s3::get_bucket_policy))
+        .route("/s3/policy/:bucket", put(crate::s3::put_bucket_policy))
+        .route("/s3/policy/:bucket", delete(crate::s3::delete_bucket_policy))
         // Shell and Metrics API endpoints (public for monitoring)
         .route("/api/v2/shell/status", get(shell_status_handler))
         .route("/api/v2/metrics", get(metrics_handler))