Validate external files

[Akshay2191]

I am validating the external files through a two-stage validation process performed immediately after a file is downloaded to a temp(or a secured folder), before moving to the actual file path.

• Stage 1 uses MIME-type sniffing to reject any file content identified as an executable binary (e.g., ELF), regardless of its file extension.

• Stage 2 is where the Agent uses the file's intended extension (e.g., .conf, .pem, .yaml) to determine its expected format using the filename received in the file meta and then validates that the content is structurally correct for that role (e.g., ensuring a .yaml file is plain text, or a .pem file contains the required -----BEGIN header). This ensures the files are both non-malicious and correctly formatted for NGINX.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING document
• I have run make install-tools and have attached any dependency changes to this pull request
• If applicable, I have added tests that prove my fix is effective or that my feature works
• If applicable, I have checked that any relevant tests pass after adding my changes
• If applicable, I have updated any relevant documentation (README.md)
• If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13

[codecov]

Codecov Report

❌ Patch coverage is 78.40909% with 57 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.29%. Comparing base (b1947ec) to head (cb70fb9).
⚠️ Report is 76 commits behind head on external-file-mgmt-integration.

Files with missing lines	Patch %	Lines
internal/file/file_manager_service.go	73.13%	42 Missing and 12 partials ⚠️
internal/config/config.go	95.23%	1 Missing and 1 partial ⚠️
internal/file/file_service_operator.go	95.23%	1 Missing ⚠️

Additional details and impacted files

@@                        Coverage Diff                         @@
##           external-file-mgmt-integration    #1426      +/-   ##
==================================================================
- Coverage                           86.31%   86.29%   -0.02%     
==================================================================
  Files                                 102      102              
  Lines                               12603    12846     +243     
==================================================================
+ Hits                                10878    11086     +208     
- Misses                               1249     1272      +23     
- Partials                              476      488      +12     

Files with missing lines	Coverage Δ
internal/config/defaults.go	100.00% <ø> (ø)
internal/config/flags.go	100.00% <ø> (ø)
internal/config/types.go	87.65% <ø> (ø)
internal/model/config.go	90.47% <ø> (ø)
internal/file/file_service_operator.go	77.32% <95.23%> (+1.18%)	⬆️
internal/config/config.go	87.60% <95.23%> (+0.29%)	⬆️
internal/file/file_manager_service.go	74.60% <73.13%> (-0.79%)	⬇️

... and 6 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b1947ec...cb70fb9. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Akshay2191]

This was a part of POC.