fix(storage): use unsigned payload for pre-signed urls

[soberm]

Description of changes

Removed the incorrect x-amz-content-sha256 query parameter from S3 presigned URLs to comply with AWS S3 Signature Version 4 specification.

According to the AWS S3 documentation for presigned URLs, the x-amz-content-sha256 header is only used for regular authenticated requests (with Authorization header), not for presigned URLs. For presigned URLs, UNSIGNED-PAYLOAD should be used internally during signature calculation but should not appear as a query parameter in the final URL.

Changes:

• Removed the line that incorrectly added x-amz-content-sha256 to presigned URL query parameters
• Removed unused imports (EMPTY_SHA256_HASH and CONTENT_SHA256_HEADER)
• Updated tests to verify the parameter is not present in presigned URLs
• The implementation now correctly passes body: UNSIGNED_PAYLOAD to presignUrl() for internal signature calculation only

Issue #, if available

#14604

Description of how you validated changes

• Verified against official AWS S3 documentation: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html
• Confirmed that AWS example presigned URLs do not include x-amz-content-sha256 as a query parameter
• Updated unit tests to verify the parameter is not present in generated presigned URLs
• All existing tests pass with yarn test in the storage package

Checklist

• PR description included
• yarn test passes
• Unit Tests are changed or added
• Relevant documentation is changed or added (and PR referenced)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.