Support new option sse_customer_key #28

Open
brmzkw wants to merge 1 commit into main from jcastets/sse-c

@brmzkw brmzkw commented May 6, 2026

Tested on Scaleway following this doc: https://www.scaleway.com/en/docs/object-storage/api-cli/enable-sse-c/

1/ Create the SSE-C:

openssl rand -out ssec.key 32
ENCRYPTION_KEY=$(cat ssec.key | base64)
KEY_DIGEST=$(openssl dgst -md5 -binary ssec.key | base64)

2/ Try to upload an object using s3api

aws s3api --profile plakar-scw-staging put-object --bucket jcastets-test-sse --key LICENSE --body LICENSE --sse-customer-algorithm AES256 --sse-customer-key $ENCRYPTION_KEY --sse-customer-key-md5 $KEY_DIGEST

3/ Try to back it up

./plakar at ./toto backup -o sse_customer_key='kaLwn4YpG5y0g2oV2khIdlbnHoieKZlJt1eZq9hkU2A=' @scw-staging-jcastets-test-sse

4/ Try to restore it

./plakar at ./toto restore -to @scw-staging-jcastets-test-sse b3366bce

5/ Try to retrieve the file without specifying the key

aws s3api --profile plakar-scw-staging get-object --bucket jcastets-test-sse --key Dockerfile ./LICENSE.out

aws: [ERROR]: An error occurred (InvalidRequest) when calling the GetObject operation: The object was stored using a form of Server Side Encryption. The correct parameters must be provided to retrieve the object.

6/ Try to retrieve it with the key:

aws s3api --profile plakar-scw-staging get-object --bucket jcastets-test-sse --key Dockerfile ./LICENSE.out --sse-customer-algorithm AES256 --sse-customer-key "$ENCRYPTION_KEY" --sse-customer-key-md5 "$KEY_DIGEST"
{
    "AcceptRanges": "bytes",
    "LastModified": "2026-05-06T16:28:26+00:00",
    "ContentLength": 1089,
    "ETag": "\"4ead7c07afd9c03d9d1611d41468b06f\"",
    "ContentType": "application/octet-stream",
    "Metadata": {},
    "SSECustomerAlgorithm": "AES256",
    "SSECustomerKeyMD5": "aMQnXVs9vKSmbLn/VWiBeQ=="
}

# LICENSE.out contains the correct perms

@brmzkw brmzkw force-pushed the jcastets/sse-c branch from 69d0b0f to ff222b4 Compare May 6, 2026 18:29
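
Added example, not part of this pull request or of the project's code: a Go program that validates a base64 SSE-C key like the one passed to `sse_customer_key`, derives the three S3 SSE-C request headers (the MD5 is taken over the raw key bytes, as in step 1), and checks a server-returned `SSECustomerKeyMD5` against the local key. `SSECHeaders` and `KeyMatches` are hypothetical names, and the sample key is constructed.

```go
package main

import (
	"crypto/md5"
	"encoding/base64"
	"fmt"
)

// SSE-C request header names defined by the S3 API.
const (
	hdrAlgorithm = "x-amz-server-side-encryption-customer-algorithm"
	hdrKey       = "x-amz-server-side-encryption-customer-key"
	hdrKeyMD5    = "x-amz-server-side-encryption-customer-key-MD5"
)

// SSECHeaders (hypothetical helper) validates a base64 key, such as the value
// given to sse_customer_key, and returns the three SSE-C request headers.
func SSECHeaders(b64Key string) (map[string]string, error) {
	raw, err := base64.StdEncoding.DecodeString(b64Key)
	if err != nil {
		return nil, fmt.Errorf("key is not valid base64: %w", err)
	}
	if len(raw) != 32 { // AES256 needs a 256-bit key
		return nil, fmt.Errorf("key decodes to %d bytes, want 32", len(raw))
	}
	sum := md5.Sum(raw) // digest of the raw key bytes, not of the base64 text
	return map[string]string{
		hdrAlgorithm: "AES256",
		hdrKey:       b64Key,
		hdrKeyMD5:    base64.StdEncoding.EncodeToString(sum[:]),
	}, nil
}

// KeyMatches (hypothetical) checks a server-returned SSECustomerKeyMD5 against the local key.
func KeyMatches(b64Key, serverMD5 string) (bool, error) {
	h, err := SSECHeaders(b64Key)
	if err != nil {
		return false, err
	}
	return h[hdrKeyMD5] == serverMD5, nil
}

func main() {
	// Constructed sample key: 32 zero bytes. Real keys come from a CSPRNG.
	key := base64.StdEncoding.EncodeToString(make([]byte, 32))
	h, _ := SSECHeaders(key)
	ok, _ := KeyMatches(key, h[hdrKeyMD5])
	fmt.Println(h[hdrKeyMD5], ok)
}
```

Rejecting a key that does not decode to exactly 32 bytes before any request is sent turns a truncated or re-encoded option value into a local error instead of a server-side `InvalidRequest`.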