Fix GCS signature mismatch

[akselbor]

Issue

Previously, the old "GCS workaround" worked fine for smaller payloads, but would fail for larger batches. In my testing, it appears to trigger once the requests become large enough to trigger multipart HTTP uploads. See #3877 for details.

The old workaround re‑signed the request too late in the pipeline, so it never fixed the cases where the SDK had already wrapped the body with streaming/chunk signatures for large/multipart uploads.

• The previous logic in peerdb/flow/connectors/utils/aws.go used a custom http.RoundTripper (RecalculateV4Signature) to delete Accept-Encoding, re‑sign, then put the header back.
• That happens after the AWS SDK has already signed the request and (for large bodies/multipart/streaming) wrapped the body with checksums/chunk signatures derived from the original signature.
• Re‑signing only updates Authorization (and maybe X‑Amz‑Date), but does not update those body‑level signatures. For large/multipart uploads, that mismatch shows up as SignatureDoesNotMatch.

Changes

• For GCS endpoints, force RequestChecksumCalculation/ResponseChecksumValidation = when_required on the S3 client.
• For the transfer manager uploader, force RequestChecksumCalculation = when_required when targeting GCS.

[CLAassistant]

All committers have signed the CLA.