Prevent deep linking to media files

Files in /media/ are generally world-readable if their URL is known. We must prevent this, as it might contain sensitive data (like person photos).

There are several options, of which we should chosoe a godo combination:

• Securing the storage with content hashes/salts/HMAC/etc. in the file and directory names themselves to prevent guessing
• Tie access to code logic that checks access to the model the file is related to
• Use django-sendfile to serve media files from a frontend webserver but still retain privilege control inside AlekSIS