fix: View expanded svg images from <img> tags to avoid js attacks

[fsbraun]

Description

Directly opening SVG images in the browser is a security issue. Hidden javascript can be executed.
This PR opens SVG using a simple template with a single <img> tag. Other image types are directly sent to the browser.

The canonical URL action button does not open the file in a new browser tab any more for security considerations. Instead the canonical URL is copied to the user's clipboard:

Related resources

• #...
• #...

Checklist

• I have opened this pull request against master
• I have added or modified the tests when changing logic
• I have followed the conventional commits guidelines to add meaningful information into the changelog
• I have read the contribution guidelines and I have joined #workgroup-pr-review on
  Slack to find a “pr review buddy” who is going to review my pull request.

[codecov]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (964f48d) 76.41% compared to head (3068e68) 76.43%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1429      +/-   ##
==========================================
+ Coverage   76.41%   76.43%   +0.02%     
==========================================
  Files          75       75              
  Lines        3510     3514       +4     
  Branches      562      562              
==========================================
+ Hits         2682     2686       +4     
  Misses        666      666              
  Partials      162      162              

Files	Coverage Δ
filer/__init__.py	100.00% <100.00%> (ø)
filer/admin/imageadmin.py	90.38% <100.00%> (+0.80%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[vinitkumar]

Looks good to me. Let's get this merged and released 🚢 🚀