Refactor: Extract common IAM logic into shared weed/iam package (#7747)

This resolves GitHub issue #7747 by extracting duplicated IAM code into
a shared package that both the embedded S3 IAM and standalone IAM use.

New shared package (weed/iam/):
- constants.go: Common constants (charsets, action strings, error messages)
- helpers.go: Shared helper functions (Hash, GenerateRandomString,
  GenerateAccessKeyId, GenerateSecretAccessKey, StringSlicesEqual,
  MapToStatementAction, MapToIdentitiesAction, MaskAccessKey)
- responses.go: Common IAM response structs (CommonResponse, ListUsersResponse,
  CreateUserResponse, etc.)
- helpers_test.go: Unit tests for shared helpers

Updated files:
- weed/s3api/s3api_embedded_iam.go: Use type aliases and function wrappers
  to the shared package, removing ~200 lines of duplicated code
- weed/iamapi/iamapi_management_handlers.go: Use shared package for constants
  and helper functions, removing ~100 lines of duplicated code
- weed/iamapi/iamapi_response.go: Re-export types from shared package for
  backwards compatibility

Benefits:
- Single source of truth for IAM constants and helpers
- Easier maintenance - changes only need to be made in one place
- Reduced risk of inconsistencies between embedded and standalone IAM
- Better test coverage through shared test suite

1 files changed, 140 insertions, 0 deletions

diff --git a/weed/iam/responses.go b/weed/iam/responses.go
new file mode 100644
index 000000000..a45c9fd16
--- /dev/null
+++ b/weed/iam/responses.go
@@ -0,0 +1,140 @@
+package iam
+
+import (
+	"encoding/xml"
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go/service/iam"
+)
+
+// CommonResponse is embedded in all IAM response types to provide RequestId.
+type CommonResponse struct {
+	ResponseMetadata struct {
+		RequestId string `xml:"RequestId"`
+	} `xml:"ResponseMetadata"`
+}
+
+// SetRequestId sets a unique request ID based on current timestamp.
+func (r *CommonResponse) SetRequestId() {
+	r.ResponseMetadata.RequestId = fmt.Sprintf("%d", time.Now().UnixNano())
+}
+
+// ListUsersResponse is the response for ListUsers action.
+type ListUsersResponse struct {
+	CommonResponse
+	XMLName         xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ ListUsersResponse"`
+	ListUsersResult struct {
+		Users       []*iam.User `xml:"Users>member"`
+		IsTruncated bool        `xml:"IsTruncated"`
+	} `xml:"ListUsersResult"`
+}
+
+// ListAccessKeysResponse is the response for ListAccessKeys action.
+type ListAccessKeysResponse struct {
+	CommonResponse
+	XMLName              xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ ListAccessKeysResponse"`
+	ListAccessKeysResult struct {
+		AccessKeyMetadata []*iam.AccessKeyMetadata `xml:"AccessKeyMetadata>member"`
+		IsTruncated       bool                     `xml:"IsTruncated"`
+	} `xml:"ListAccessKeysResult"`
+}
+
+// DeleteAccessKeyResponse is the response for DeleteAccessKey action.
+type DeleteAccessKeyResponse struct {
+	CommonResponse
+	XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ DeleteAccessKeyResponse"`
+}
+
+// CreatePolicyResponse is the response for CreatePolicy action.
+type CreatePolicyResponse struct {
+	CommonResponse
+	XMLName            xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ CreatePolicyResponse"`
+	CreatePolicyResult struct {
+		Policy iam.Policy `xml:"Policy"`
+	} `xml:"CreatePolicyResult"`
+}
+
+// CreateUserResponse is the response for CreateUser action.
+type CreateUserResponse struct {
+	CommonResponse
+	XMLName          xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ CreateUserResponse"`
+	CreateUserResult struct {
+		User iam.User `xml:"User"`
+	} `xml:"CreateUserResult"`
+}
+
+// DeleteUserResponse is the response for DeleteUser action.
+type DeleteUserResponse struct {
+	CommonResponse
+	XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ DeleteUserResponse"`
+}
+
+// GetUserResponse is the response for GetUser action.
+type GetUserResponse struct {
+	CommonResponse
+	XMLName       xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ GetUserResponse"`
+	GetUserResult struct {
+		User iam.User `xml:"User"`
+	} `xml:"GetUserResult"`
+}
+
+// UpdateUserResponse is the response for UpdateUser action.
+type UpdateUserResponse struct {
+	CommonResponse
+	XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ UpdateUserResponse"`
+}
+
+// CreateAccessKeyResponse is the response for CreateAccessKey action.
+type CreateAccessKeyResponse struct {
+	CommonResponse
+	XMLName               xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ CreateAccessKeyResponse"`
+	CreateAccessKeyResult struct {
+		AccessKey iam.AccessKey `xml:"AccessKey"`
+	} `xml:"CreateAccessKeyResult"`
+}
+
+// PutUserPolicyResponse is the response for PutUserPolicy action.
+type PutUserPolicyResponse struct {
+	CommonResponse
+	XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ PutUserPolicyResponse"`
+}
+
+// DeleteUserPolicyResponse is the response for DeleteUserPolicy action.
+type DeleteUserPolicyResponse struct {
+	CommonResponse
+	XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ DeleteUserPolicyResponse"`
+}
+
+// GetUserPolicyResponse is the response for GetUserPolicy action.
+type GetUserPolicyResponse struct {
+	CommonResponse
+	XMLName             xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ GetUserPolicyResponse"`
+	GetUserPolicyResult struct {
+		UserName       string `xml:"UserName"`
+		PolicyName     string `xml:"PolicyName"`
+		PolicyDocument string `xml:"PolicyDocument"`
+	} `xml:"GetUserPolicyResult"`
+}
+
+// ErrorResponse is the IAM error response format.
+type ErrorResponse struct {
+	CommonResponse
+	XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ ErrorResponse"`
+	Error   struct {
+		iam.ErrorDetails
+		Type string `xml:"Type"`
+	} `xml:"Error"`
+}
+
+// Error represents an IAM API error with code and underlying error.
+type Error struct {
+	Code  string
+	Error error
+}
+
+// Policies stores IAM policies (used for managed policy storage).
+type Policies struct {
+	Policies map[string]interface{} `json:"policies"`
+}
+