config: don't serve image blobs with Content-Disposition: inline

[alxndrsn]

Introduced in #1769, logo and hero-image on the login page are displayed in <img> tags.

Content-Disposition: inline is a convenience to allow directly-linked images to display in the browser instead of downloading.

It's unlikely that login-page branding images would be directly linked.

What has been done to verify that this works as intended?

• updated existing tests
• tested with frontend that images are still displayed correctly on the login page:

Why is this the best possible solution? Were any other approaches considered?

1. Content-Disposition: inline is risky with user-submitted content, and should only be used when necessary.
2. simplifies config/public: cache blob content #1810

How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?

Unlikely to have any effect as it's a new feature, and linking directly to config-blob-images is a surprising use case.

Does this change require updates to the API documentation? If so, please update docs/api.yaml as part of this PR.

No.

Before submitting this PR, please make sure you have:

• run make test and confirmed all checks still pass, or witnessed Github completing all checks with success
• verified that any code from external sources are properly credited in comments or that everything is internally sourced