Function inspect_bucket 

pub async fn inspect_bucket(
    client: &Client,
    bucket: &str,
    capability_cache: &CapabilityCache,
    profile_id: &ProfileId,
) -> Result<BucketInspectorReport, AppError>

Fetch all supported bucket properties in parallel and return an aggregated BucketInspectorReport.

• Successful sections → SectionResult::Value.
• AccessDenied → SectionResult::Denied; also recorded into the CapabilityCache for the (profile, bucket, op) triple.
• NotImplemented / UnsupportedOperation / provider-specific “not supported” codes → SectionResult::Unsupported.
• bucket_policy is hardcoded Deferred without calling the API.

Only AppError::NotFound (bucket deleted mid-inspect) propagates as a hard failure; everything else degrades per-section.