Function object_inspect 

pub async fn object_inspect(
    profile_id: ProfileId,
    bucket: String,
    key: String,
    version_id: Option<String>,
    store: State<'_, ProfileStoreHandle>,
    pool: State<'_, S3ClientPoolHandle>,
    capability_cache: State<'_, CapabilityHandle>,
) -> Result<ObjectInspectorReport, AppError>

Inspect a single S3 object and return an aggregated ObjectInspectorReport.

The report includes:

• head — all HeadObject properties including user-defined metadata.
• tags — object tags from GetObjectTagging.
• acl_summary — ACL summary from GetObjectAcl.
• restore_status — Glacier/Deep Archive restore status parsed from the Restore header on HeadObject.
• version_id — version ID from HeadObject (also on head.version_id).
• checksum_sha256, checksum_md5, checksum_crc32 — checksums when available.

AccessDenied on tags or ACL degrades to SectionResult::Denied rather than a hard error, and the denial is cached so the UI shows disabled reasons without re-querying.