Restrict access to uploaded files
This MR changes the way we allow to access uploaded files:
- we replace their urls with a custom one for the sms backend
- we check for the permissions to see a device/platform/configuration (so without user credentials we can't access attachments for internal or private elements)
- this improves reverse proxy via middleware, so that we can return proper urls