Allow WebP and SVG content types in PhotoCache

[Peque]

• Resolves: Image not shown when using WebP instead of JPEG contacts#4190

Summary

It seems like CardDAV's PhotoCache is currently only supporting PNG, JPEG, GIF and ICO images.

Nextcloud intercepts GET requests on addressbook URLs ending with ?photo, and uses ALLOWED_CONTENT_TYPES to set the type name, returning 404 if the content type is not supported (not part of the allowed content types struct).

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• (N/A) Tests (unit, integration, api and/or acceptance) are included
• (N/A) Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)

[SebastianKrupinski]

@Peque that you for the PR.

I don't see any issues merging this PR other than our CI might not pass due to it coming from a fork. Stay tuned.

[st3iny]

Allowing webp images is fine.

However, allowing SVGs is a bit tricky because they pose security risks. They may contain arbitrary JavaScript code, which will be executed when they are rendered inline.

In avatars, they are only rendered using <img> tags which is mostly safe but I would still prefer to not allow them in the photo cache.

---

And yeah, we probably need to create another PR in the org to fix CI.

[Peque]

@st3iny I understand your concern. I removed SVG support from the MR so that, at least, WebP is supported (also updated the commit subject accordingly). 😊