Don't specify x-amz-acl by default.

x-amz-acl is not a required header, and it's supposed to default to 'private'.
The current behavior is unnecessary and violates the principle of least surprise,
which is particularly problematic in this case because the expected behavior is that
files uploaded with no specified ACL are private, and instead they are world-readable