FIX: Provide better API for registering custom upload public types (#10697)

With secure media and the UploadSecurity class, we need a nice way for plugins to register custom upload types that should be considered public and never secure.

lib/upload_security.rb

@@ -14,10 +14,21 @@
 # on the current secure? status, otherwise there would be a lot of additional
 # complex queries and joins to perform.
 class UploadSecurity
+  @@custom_public_types = []
+
   PUBLIC_TYPES = %w[
-    avatar custom_emoji profile_background card_background category_logo category_background
+    avatar
+    custom_emoji
+    profile_background
+    card_background
+    category_logo
+    category_background
   ]
 
+  def self.register_custom_public_type(type)
+    @@custom_public_types << type if !@@custom_public_types.include?(type)
+  end
+
   def initialize(upload, opts = {})
     @upload = upload
     @opts = opts
@@ -30,8 +41,6 @@ class UploadSecurity
     uploading_in_secure_context?
   end
 
-  private
-
   def uploading_in_public_context?
     @upload.for_theme ||
       @upload.for_site_setting ||
@@ -49,6 +58,8 @@ class UploadSecurity
     uploading_in_composer? || @upload.for_private_message || @upload.for_group_message || @upload.secure?
   end
 
+  private
+
   # whether the upload should remain secure or not after posting depends on its context,
   # which is based on the post it is linked to via access_control_post_id.
   # if that post is with_secure_media? then the upload should also be secure.
@@ -62,7 +73,7 @@ class UploadSecurity
   end
 
   def public_type?
-    PUBLIC_TYPES.include?(@upload_type)
+    PUBLIC_TYPES.include?(@upload_type) || @@custom_public_types.include?(@upload_type)
   end
 
   def uploading_in_composer?