Update v1.2.0-beta - Dynamic context menu & permissions

✨ New Features:
- Dynamic permission-based context menus for files and folders
- Support for collaborative folder access control
- Upload to specific folders including shared folders
- Changelog modal for version updates
- Improved dark mode synchronization

🐛 Bug Fixes:
- Fixed context menu displaying incorrect options
- Fixed CSS !important override preventing dynamic menu behavior
- Fixed folder collaboration permission checks
- Fixed breadcrumb navigation with empty segments
- Fixed "Premature close" error loop in attachments
- Fixed missing user variable in admin routes
- Fixed avatar loading COEP policy issues

🔒 Security:
- Added security middleware (CSRF, rate limiting, input validation)
- Fixed collaboration folder access validation
- Improved shared folder permission handling

🎨 UI/UX Improvements:
- Removed Actions column from folder view
- Context menu now properly hides/shows based on permissions
- Better visual feedback for collaborative folders
- Improved upload flow with inline modals

🧹 Code Quality:
- Added collaboration data to folder routes
- Refactored context menu logic for better maintainability
- Added debug logging for troubleshooting
- Improved file upload handling with chunking support

Middlewares/securityHeadersMiddleware.js

@@ -0,0 +1,76 @@
+/**
+ * Middleware de sécurité pour ajouter les headers HTTP sécurisés
+ * Conforme aux bonnes pratiques OWASP
+ */
+
+const securityHeadersMiddleware = (req, res, next) => {
+    // Désactive l'envoi de l'en-tête X-Powered-By pour ne pas révéler la stack technique
+    res.removeHeader('X-Powered-By');
+
+    // Content Security Policy (CSP) - Protège contre les attaques XSS
+    res.setHeader(
+        'Content-Security-Policy',
+        [
+            "default-src 'self'",
+            "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://cdn.tailwindcss.com",
+            "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com",
+            "img-src 'self' data: https: blob:",
+            "font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com",
+            "connect-src 'self' ws: wss: https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com",
+            "frame-ancestors 'none'",
+            "base-uri 'self'",
+            "form-action 'self'"
+        ].join('; ')
+    );
+
+    // X-Content-Type-Options - Empêche le navigateur de deviner le type MIME
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+
+    // X-Frame-Options - Protège contre le clickjacking
+    res.setHeader('X-Frame-Options', 'DENY');
+
+    // X-XSS-Protection - Active la protection XSS du navigateur
+    res.setHeader('X-XSS-Protection', '1; mode=block');
+
+    // Strict-Transport-Security (HSTS) - Force HTTPS
+    if (req.secure || process.env.NODE_ENV === 'production') {
+        res.setHeader(
+            'Strict-Transport-Security',
+            'max-age=31536000; includeSubDomains; preload'
+        );
+    }
+
+    // Referrer-Policy - Contrôle les informations de référence envoyées
+    res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+
+    // Permissions-Policy - Contrôle les fonctionnalités du navigateur
+    res.setHeader(
+        'Permissions-Policy',
+        [
+            'camera=()',
+            'microphone=()',
+            'geolocation=()',
+            'payment=()',
+            'usb=()',
+            'magnetometer=()',
+            'accelerometer=()',
+            'gyroscope=()'
+        ].join(', ')
+    );
+
+    // X-Permitted-Cross-Domain-Policies - Restreint les politiques cross-domain
+    res.setHeader('X-Permitted-Cross-Domain-Policies', 'none');
+
+    // Cross-Origin-Embedder-Policy - Désactivé pour permettre les ressources externes (avatars, images CDN)
+    // res.setHeader('Cross-Origin-Embedder-Policy', 'require-corp');
+
+    // Cross-Origin-Opener-Policy - Isole le contexte de navigation
+    res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
+
+    // Cross-Origin-Resource-Policy - Contrôle le partage de ressources
+    res.setHeader('Cross-Origin-Resource-Policy', 'same-origin');
+
+    next();
+};
+
+module.exports = securityHeadersMiddleware;