FIX: Don't secure the about banner image (#29889)

Uploads that are linked to site settings shouldn't be flagged as secure in login-required sites that enable secure uploads. However, in order for site setting uploads to not be marked secured, the frontend uploader has to include 2 params in the upload request: `for_site_setting: true` and `type: "site_setting"`.

Since these 2 params are semantically identical, we want the `type: "site_setting"` param alone to make the upload correctly treated as a site setting upload. To achieve that, we need to include the `site_setting` type in the public types list because the `for_site_setting` param has the same effect — it marks the upload as a public type.

b138eaf9e5/lib/upload_security.rb (L128-L131)
Osama Sayegh
2024-11-25 11:12:00 +03:00
committed by GitHub
parent 0c68b14534
commit eaa3f813c1
2 changed files with 21 additions and 0 deletions


@ -37,6 +37,7 @@ class UploadSecurity
category_background
group_flair
badge_image
site_setting
]
PUBLIC_UPLOAD_REFERENCE_TYPES = %w[
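Review bot: the new `site_setting` entry at the end of this list makes a request-supplied `type: "site_setting"` sufficient on its own for an upload to be treated as a public type on a login-required site with secure uploads, so the line is only safe if that type value is restricted server-side to users who are allowed to change site settings. Nothing in this hunk shows that restriction. Please point to where it is enforced and add a spec case in which a non-staff uploader sends `type: "site_setting"`, with the expectation that the upload stays secure or is rejected. A short comment beside the entry saying it mirrors the `for_site_setting` param would also help future readers, since the commit message describes the two as semantically identical.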