fix(upload): add file type/size validation, Content-Disposition header

- Add content type allowlist (images, PDF, text, video, audio, zip)
- Enforce 10 MB upload limit via http.MaxBytesReader
- Set Content-Disposition on S3 objects for proper download filenames
- Remove unused CloudFrontSigner.Domain() method

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

server/internal/auth/cloudfront.go

@@ -137,11 +137,6 @@ func parseRSAPrivateKey(pemBytes []byte) (*rsa.PrivateKey, error) {
 	return rsaKey, nil
 }
 
-// Domain returns the CDN domain (e.g. "static.multica.ai").
-func (s *CloudFrontSigner) Domain() string {
-	return s.domain
-}
-
 // SignedCookies generates the three CloudFront signed cookies with the given expiry.
 func (s *CloudFrontSigner) SignedCookies(expiry time.Time) []*http.Cookie {
 	policy := fmt.Sprintf(`{"Statement":[{"Resource":"https://%s/*","Condition":{"DateLessThan":{"AWS:EpochTime":%d}}}]}`, s.domain, expiry.Unix())