This resolves a issue with a shared bucket acl.

Ceph does not allow the owner in the policy to not be the actual user doing the operation. In this case we apply the bucket policy blindly which means we use the owner of the bucket and when that owner does not match we will get a 403 when we try to update the ACL. This change just takes the current keys owner and applies it to bucket acl then applies the bucket acl to the key. Therefore keeping the same ACLs as the bucket.

This may have ramifications on the quota for a user but without changes to Ceph upstream this is not something we can get around.