feat: implement comprehensive file upload security

- Add comprehensive file validation with magic bytes, MIME type, and PIL checks
- Implement malicious content detection and polyglot attack prevention
- Add EXIF data sanitization to prevent metadata leaks
- Enhance UploadPhotoForm with security validation
- Add security logging for audit trails
- Include comprehensive test suite for security features
- Add python-magic dependency for MIME type detection
- Update configuration with security settings
- Add detailed documentation for file upload security

Security features:
- File type validation (magic bytes + MIME type)
- Content security scanning (malware detection)
- EXIF data sanitization (privacy protection)
- Enhanced logging (security event tracking)
- Comprehensive test coverage

Removed rate limiting as requested for better user experience.

config.py

@@ -296,6 +296,16 @@ TRUSTED_DEFAULT_URLS = list(map(map_legacy_config, TRUSTED_DEFAULT_URLS))
 BLUESKY_IDENTIFIER = os.environ.get("BLUESKY_IDENTIFIER", None)
 BLUESKY_APP_PASSWORD = os.environ.get("BLUESKY_APP_PASSWORD", None)
 
+# File upload security settings
+FILE_UPLOAD_MAX_MEMORY_SIZE = 5 * 1024 * 1024  # 5MB
+DATA_UPLOAD_MAX_MEMORY_SIZE = 5 * 1024 * 1024  # 5MB
+FILE_UPLOAD_PERMISSIONS = 0o644
+
+# Enhanced file upload security
+ENABLE_FILE_SECURITY_VALIDATION = True
+ENABLE_EXIF_SANITIZATION = True
+ENABLE_MALICIOUS_CONTENT_SCAN = True
+
 # Logging configuration - can be overridden in local config
 # Example: LOGS_DIR = "/var/log/ivatar"  # For production deployments