How to determine if an object is encrypted with a "regular" S3-SSE KMS key, or an S3 Bucket Key with S3 Inventory?

0

I have a very large bucket with many files. The bucket contains a mix of mostly "old" files encrypted with a non-bucket-key KMS key, and some new files that are using the new Bucket Key.

I do not want to call a HEAD operation on all of them to determine if ServerSideEncryptionConfiguration contains BucketKeyEnabled, for performance and cost reasons. However, I can't just check the bucket-level settings, as the bucket contains a mix of encrypted objects.

Documentation for S3 Inventory indicates that Encryption Status will not contain this info:

Encryption status – Set to SSE-S3, SSE-C, SSE-KMS, or NOT-SSE. The server-side encryption status for SSE-S3, SSE-KMS, and SSE with customer-provided keys (SSE-C).

I believe both old and new files will just return SSE-KMS.

Is there a way to access this info either via S3 Inventory (through yet undocumented behavior/config), or via another efficient method?

I do not want to just use an "all files before the date the Bucket Key was turned on" method, as while that may work for this specific use case, I need a solution with a broader scope for the future.

AWS
Asked 3 years ago, 1409 views
1 Answer
0
Accepted Answer

As of today this information is not available in the inventory report and you will have to use S3 HEAD API calls to generate bucket key status on an object. However, we are aware of this feedback and are working on an update to release Bucket Key status in the inventory report.

AWS
Answered 3 years ago
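One way to act on this answer while keeping HEAD traffic down, as an added example (not code from AWS or the asker): use the inventory's Encryption status column to HEAD only the SSE-KMS objects, then read BucketKeyEnabled from each HeadObject response. The inventory column layout, the sample rows and the head_object stand-in are constructed for this example; BucketKeyEnabled is the field boto3's head_object returns.

```python
import csv
import io
from typing import Callable, Dict

# Constructed sample of an S3 Inventory CSV (S3 delivers it without a header row).
# Column order assumed here: Bucket, Key, Size, EncryptionStatus.
SAMPLE_INVENTORY = """\
my-bucket,logs/2020/old.gz,1024,SSE-KMS
my-bucket,logs/2023/new.gz,2048,SSE-KMS
my-bucket,public/index.html,512,SSE-S3
my-bucket,legacy/plain.txt,64,NOT-SSE
"""

# Constructed HEAD responses, shaped like boto3 head_object() output.
# Only the object written under an S3 Bucket Key carries BucketKeyEnabled=True.
FAKE_HEAD_RESPONSES = {
    "logs/2020/old.gz": {"ServerSideEncryption": "aws:kms"},
    "logs/2023/new.gz": {"ServerSideEncryption": "aws:kms", "BucketKeyEnabled": True},
}


def fake_head_object(bucket: str, key: str) -> dict:
    """Offline stand-in for boto3's s3.head_object(Bucket=bucket, Key=key)."""
    return FAKE_HEAD_RESPONSES[key]


def classify_bucket_key_usage(inventory_csv: str,
                              head_object: Callable[[str, str], dict]) -> Dict[str, str]:
    """Map each inventory key to 'bucket-key', 'kms-direct' or 'not-kms'.

    Non-KMS objects are decided from the inventory alone; only SSE-KMS rows
    cost a HEAD request, which is the cheapest split the inventory allows.
    """
    result: Dict[str, str] = {}
    for bucket, key, _size, enc_status in csv.reader(io.StringIO(inventory_csv)):
        if enc_status != "SSE-KMS":
            result[key] = "not-kms"
            continue
        head = head_object(bucket, key)
        # Missing or False means the object uses its own KMS data key, not a Bucket Key.
        result[key] = "bucket-key" if head.get("BucketKeyEnabled", False) else "kms-direct"
    return result


def count_head_calls(inventory_csv: str) -> int:
    """Number of HEAD requests the classification above would issue."""
    return sum(1 for row in csv.reader(io.StringIO(inventory_csv)) if row[3] == "SSE-KMS")


if __name__ == "__main__":
    for key, status in classify_bucket_key_usage(SAMPLE_INVENTORY, fake_head_object).items():
        print(f"{key}: {status}")
```

With a real bucket, pass a thin wrapper around boto3's head_object in place of fake_head_object and stream the inventory CSV from the manifest's data files.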
