Add an opt-in FileAccessControl middleware that resolves the warehouse file
and enforces File::canBeAccessedBy() (default public, so existing consumers
are unaffected) when files.access_control.enabled is set. Resolution is
delegated to a configurable files.warehouse.resolver (ResolvesWarehouseFiles)
and the resolved file is stashed on the request so the controller reuses it.
Exposed as the `files.access` route-middleware alias and auto-attached to the
package warehouse route. Adds the FileAccessControl unit suite.
The suite silently exercised a drifted workbench schema (bigint id()/morphs())
instead of the shipped uuid('id')/uuidMorphs() schema, so every UUID-keyed test
errored with SQLite "datatype mismatch" (39/104 errors). Add a shared
tests/TestCase that loads the package's real database/migrations as the single
source of truth (drift-proof) and centralizes the per-test boilerplate; fix one
ordering test that violated the real filables_unique constraint.
WarehouseService::searchAssetPath now clears the realpath/stat cache and retries
once on a miss, so an asset written by another process (image command, queue
worker) is servable without a restart. Hits are unaffected.
Suite: 105 tests, 235 assertions, green.
Fabian @ Blax Software