FEATURE: Add support for secure media (#7888)

This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3

spec/components/email/styles_spec.rb

@@ -199,4 +199,19 @@ describe Email::Styles do
     end
   end
 
+  context "replace_relative_urls" do
+    it "replaces secure media within a link with a placeholder" do
+      frag = html_fragment("<a href=\"#{Discourse.base_url}\/secure-media-uploads/original/1X/testimage.png\"><img src=\"/secure-media-uploads/original/1X/testimage.png\"></a>")
+      expect(frag.at('p.secure-media-notice')).to be_present
+      expect(frag.at('img')).not_to be_present
+      expect(frag.at('a')).not_to be_present
+    end
+
+    it "replaces secure images with a placeholder" do
+      frag = html_fragment("<img src=\"/secure-media-uploads/original/1X/testimage.png\">")
+      expect(frag.at('p.secure-media-notice')).to be_present
+      expect(frag.at('img')).not_to be_present
+    end
+  end
+
 end