
Leaf 5765 - nginx update#2908

Open
jampaul3 wants to merge 3 commits into master from security/Leaf-5765/nginx_update

Conversation

Contributor

@jampaul3 jampaul3 commented Mar 12, 2026

Summary

This change updates the nginx rules for public .../files/... paths so uploaded/public files remain protected without breaking API endpoints that also contain /files/ in the URL.

Special considerations:

  • Site names are dynamic across many deployments, so the rule could not rely on hardcoded app path names
  • The fix had to remain generic while avoiding collisions with API routes containing /files

Impact

The main impact area is nginx routing for any URL containing /files/.

Potential impact:

  • Public file-serving behavior for uploaded assets
  • API behavior for file-related endpoints
  • Security posture for files served from public directories

Mitigations:

  • The rules still apply to public .../files/... URLs
  • API routes are explicitly excluded so they continue to proxy to PHP
  • The config is now easier to reason about because the concerns are separated into top-level locations rather than nested logic

User training or notification:

  • No end-user training should be needed
  • Admins affected by the regression should see file deletion behavior return to normal

Testing

Locally, the environment needs to be rebuilt.

  • Once rebuilt, go to the file manager, upload and attempt to delete a file; if it's gone after doing that, all is good.
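An illustration of the approach the description outlines: the API-route exclusion and the public-files handling live in separate top-level `location` blocks, and the site name is matched generically instead of being hardcoded. This is an added example, not the contents of `docker/nginx/leaf_nginx.conf.template` or any code from the PR; the document root, the `php:9000` FastCGI upstream, the `/api/` prefix and the `/<site>/files/` layout are all assumptions.

```nginx
server {
    listen 80;
    server_name _;                      # no dependence on the site name anywhere below
    root /var/www/html;                 # assumption: application document root
    index index.php;

    # 1. API routes whose URL also contains /files/ must keep reaching the PHP
    #    front controller. This regex location is listed first because nginx
    #    tests regex locations in file order and uses the first one that matches.
    location ~ ^/api/.*/files/ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass php:9000;          # assumption: php-fpm upstream host:port
    }

    # 2. A script that somehow landed in a public files directory must never be
    #    executed or served; refuse it before the generic PHP handler can see it.
    location ~ ^/[^/]+/files/.*\.(php|phtml|phar|phps)$ {
        return 403;
    }

    # 3. Everything else under <any-site>/files/ is treated as a static upload:
    #    serve it from disk only, never proxy it to PHP, and stop the browser
    #    from sniffing or scripting whatever was uploaded.
    location ~ ^/[^/]+/files/ {
        try_files $uri =404;
        add_header X-Content-Type-Options nosniff always;
        add_header Content-Security-Policy "default-src 'none'; sandbox" always;
    }

    # 4. Regular PHP requests (anything not under a files directory).
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php:9000;
    }

    # 5. Fallback: pretty URLs are routed to the front controller.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
}
```

The ordering of the regex locations is the whole point: swapping blocks 1 and 3 would turn the API exclusion back into a collision, because `^/[^/]+/files/` also matches `/api/<x>/files/...`. After a change like this, run `nginx -t` and then confirm with a couple of requests that an API `/files/` path still produces a PHP response while a `.php` name under a public files directory returns 403. Note that `add_header` inside a `location` replaces any `add_header` set at `server` level, so headers needed everywhere have to be repeated in block 3.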

jampaul3 and others added 3 commits March 11, 2026 14:43
Signed-off-by: Jamie P Holcomb <jph3377@gmail.com>
Co-authored-by: Codex <codex@openai.com>
# Conflicts:
#	docker/nginx/leaf_nginx.conf.template