
Implement authentication for private images

Lars Willighagen requested to merge phoenix/feature/image-auth into phoenix/develop

Description

Adds role-based authentication to verify image access. It first tries to find the image locally (after authentication), then redirects to the equivalent cdli.ucla.edu URL. This is for testing, and should not even matter the moment it goes live.

Type of PR

This PR is a feature.

Technicalities

nginx

  • adds an auth_request to all routes starting with /dl, which sets off a request to an internal location
  • this location extracts the artifact ID from the image filename and sends a request to CakePHP at route /artifacts/auth-image/:id
  • if the authentication request is successful, it checks for the file locally and if unavailable redirects to the live CDLI site

CakePHP

  • adds a route and action for authenticating images (/artifacts/auth-image/:id)
  • if the artifact does not exist in the database, it returns immediately; because nginx does not handle 404 responses it returns 200 and lets nginx/cdli.ucla.edu handle the 404
  • if the artifact exists and images are public, it returns 200 immediately
  • if the artifact exists and images are not public, but the current user has role 1 (admin), 2 (editor) or 7 (can view private images), it returns 200 immediately
  • else, it returns 403 (forbidden) if the user has logged in, or 401 (unauthorized) if the user is not logged in

Tests

  1. Log out:
  2. Log in (and give yourself an admin role):

Checklist:

  • My pull request has a descriptive title (not a vague title like "Update index.md").
  • My pull request targets the phoenix/develop branch of the repository.
  • My commit messages follow best practices.
  • My code follows the established code style of the repository.
  • I tried running the project locally and verified that there are no visible errors.
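
The nginx flow described under "Technicalities", sketched as an added example; this is not the configuration from the merge request. The upstream name and address, the root path, the P-number filename pattern, the https redirect scheme and the choice to deny unparseable filenames are all assumptions.

```nginx
# Added example, not the project's configuration. Assumed names and values:
# upstream cake_app and its address, the root path, the P-number filename
# pattern, and the https scheme of the redirect.
upstream cake_app {
    server 127.0.0.1:8080;
}

# Artifact ID = digits after "P" in the last path segment, e.g.
# /dl/photo/P000123.jpg -> 000123. $request_uri is the raw client URI, so
# names that do not match, or that contain "%", give an empty ID.
map $request_uri $artifact_id {
    default "";
    "~^/dl/(?:[^?%]*/)?P(?<num>[0-9]+)[^/?%]*(?:[?]|$)" $num;
}

server {
    listen 80;

    location /dl/ {
        # 2xx from the subrequest allows the request; 401 or 403 denies it
        # with that status; any other status is treated as an error.
        auth_request /_auth_image;
        root /srv/app/webroot;
        try_files $uri @cdli_live;    # local file first, else live site
    }

    location = /_auth_image {
        internal;                     # not reachable from outside
        if ($artifact_id = "") {
            return 403;               # fail closed on unparseable names
        }
        proxy_pass http://cake_app/artifacts/auth-image/$artifact_id;
        proxy_pass_request_body off;  # the auth check needs headers only
        proxy_set_header Content-Length "";
        proxy_set_header Host $host;
    }

    location @cdli_live {
        return 302 https://cdli.ucla.edu$request_uri;
    }
}
```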
