Validate external files

[Akshay2191]

I am validating the external files through a two-stage validation process performed immediately after a file is downloaded to a temp(or a secured folder), before moving to the actual file path.

• Stage 1 uses MIME-type sniffing to reject any file content identified as an executable binary (e.g., ELF), regardless of its file extension.

• Stage 2 is where the Agent uses the file's intended extension (e.g., .conf, .pem, .yaml) to determine its expected format using the filename received in the file meta and then validates that the content is structurally correct for that role (e.g., ensuring a .yaml file is plain text, or a .pem file contains the required -----BEGIN header). This ensures the files are both non-malicious and correctly formatted for NGINX.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

• I have read the CONTRIBUTING document
• I have run make install-tools and have attached any dependency changes to this pull request
• If applicable, I have added tests that prove my fix is effective or that my feature works
• If applicable, I have checked that any relevant tests pass after adding my changes
• If applicable, I have updated any relevant documentation (README.md)
• If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13

[codecov]

Codecov Report

❌ Patch coverage is 32.00000% with 34 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (external-file-mgmt-integration@38913b5). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
internal/file/file_manager_service.go	32.00%	30 Missing and 4 partials ⚠️

Additional details and impacted files

@@                        Coverage Diff                        @@
##             external-file-mgmt-integration    #1426   +/-   ##
=================================================================
  Coverage                                  ?   86.29%           
=================================================================
  Files                                     ?      102           
  Lines                                     ?    12846           
  Branches                                  ?        0           
=================================================================
  Hits                                      ?    11086           
  Misses                                    ?     1272           
  Partials                                  ?      488           

Files with missing lines	Coverage Δ
internal/file/file_manager_service.go	74.60% <32.00%> (ø)

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 38913b5...cb70fb9. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.