FEATURE: Add support for secure media (#7888)

This PR introduces a new secure media setting. When enabled, it prevents unauthorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required` is disabled, only media in private messages will be protected from unauthorized access.

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
Penar Musaraj
2019-11-17 20:25:42 -05:00
committed by Martin Brennan
parent 56b19ba740
commit 102909edb3
40 changed files with 1157 additions and 153 deletions


@ -17,6 +17,10 @@ class FileHelper
filename =~ supported_images_regexp
end
def self.is_supported_media?(filename)
filename =~ supported_media_regexp
end
class FakeIO
attr_accessor :status
end
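
Review bot: `is_supported_media?` classifies an upload by its name alone (`filename =~ supported_media_regexp`), so whether a file counts as media depends on the extension the uploader supplied and not on its content. If this predicate feeds the decision about which uploads get the secure treatment described in the commit message, say so in a comment on the method and check how callers handle a file whose extension is missing or does not reflect its content. A smaller point: `=~` returns an index or `nil`, so a `?` method would read better returning a real boolean via `match?`, ideally changed together with the images predicate just above so the two stay consistent.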
@ -132,8 +136,20 @@ class FileHelper
@@supported_images ||= Set.new %w{jpg jpeg png gif svg ico}
end
def self.supported_audio
@@supported_audio ||= Set.new %w{mp3 ogg wav m4a}
end
def self.supported_video
@@supported_video ||= Set.new %w{mov mp4 webm ogv}
end
def self.supported_images_regexp
@@supported_images_regexp ||= /\.(#{supported_images.to_a.join("|")})$/i
end
def self.supported_media_regexp
media = supported_images | supported_audio | supported_video
@@supported_media_regexp ||= /\.(#{media.to_a.join("|")})$/i
end
end
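
Review bot: the pattern in `supported_media_regexp` ends in `$`, which in Ruby matches at the end of any line and not only at the end of the string, so a filename that has a newline after a media extension still matches; anchor with `\z` instead, and consider the same change for `supported_images_regexp`, which this line copies. Separately, `media = supported_images | supported_audio | supported_video` is rebuilt on every call even though the regexp itself is memoized; move the union inside the `||=` so it is computed once. A short comment noting that "media" here includes images as well as audio and video would also help readers of the new `secure_media` code paths.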