Ensure public-read ACL for S3 service with public mode.

activestorage/lib/active_storage/service/s3_service.rb

@@ -17,8 +17,10 @@ module ActiveStorage
       @bucket = @client.bucket(bucket)
 
       @multipart_upload_threshold = upload.fetch(:multipart_threshold, 100.megabytes)
-      @upload_options = upload
       @public = public
+
+      @upload_options = upload
+      @upload_options[:acl] = "public-read" if public?
     end
 
     def upload(key, io, checksum: nil, filename: nil, content_type: nil, disposition: nil, **)

activestorage/test/service/s3_public_service_test.rb

@@ -10,6 +10,10 @@ if SERVICE_CONFIGURATIONS[:s3_public]
 
     include ActiveStorage::Service::SharedServiceTests
 
+    test "public acl options" do
+      assert_equal "public-read", @service.upload_options[:acl]
+    end
+
     test "public URL generation" do
       url = @service.url(@key, filename: ActiveStorage::Filename.new("avatar.png"))