Rework raw file http header logic

[silverwind]

• Always respect the user's configured mime type map
• Allow more types like image/pdf/video/audio to serve with correct content-type
• Shorten cache duration of raw files to 5 minutes, matching GitHub
• Don't set content-disposition: attachment, let the browser decide whether it wants to download or display a file directly
• Implement rfc5987 for filenames, remove previous hack. Confirmed it working in Safari.
• Make PDF attachment work in Safari by removing sandbox attribute.

This change will make a lot more file types open directly in browser now. Logic should generally be more readable than before with less if nesting and such.

Replaces: #20460
Replaces: #20455

[silverwind]

Added the sandbox attribute removal for PDF here as well. Problem is that PDF may render using browser plugins and plugins are generally disabled in sandboxed content.

I think it's reasonable safe to do this. The worst that could happen is that a PDF could CPU resources like described in https://bugs.chromium.org/p/chromium/issues/detail?id=413851#c24, but I don't think a full compromise is possible because PDF scripts can normally not escape the PDF document environment, and if they can, it's a plugin bug.

[lafriks]

But GitHub does set sandbox for pdf files imho

[silverwind]

No, they don't, at least not any longer. If they would, pdf attachments would not work in Safari and possibly Chrome as well. The do a 302 redirect to the separate domain. the redirect response does have CSP without sandbox but I think it's not in effect, the destination is served without any CSP at all. See for yourself:

curl -sLi 'https://github.com/silverwind/symlink-test/files/9175640/test.pdf' | grep -i content-security

[silverwind]

Oops, I destroyed the PR by pushing main onto it, trying to restore. New PR: #20484.