Currently, room files are listed and when clicked, an async function is triggered to generate a short-lived link to download the file.
This is a problem as some browsers block the opening of a new window that is not directly caused by a user action.
Currently, the room token and room access code are sent in the header of all API requests to authenticate a user against the room.
A file access link is not an API request, so setting the header is not possible.
A new approach could be to generate an encrypted auth token when a user authenticates against the room via the API and associate this with the user's session. This token could be sent via a GET request parameter during file access to check if the access code or token is still valid, while still protecting the token/code from being exposed in server logs, etc.
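One way the proposal above could look, as an added example that is not part of the original issue or the project's code. It assumes a Node.js backend and AES-256-GCM with the session id as associated data; every function name and sample value is hypothetical.

```javascript
// Added example (not project code). All names here are hypothetical.
const nodeCrypto = require('crypto');

// Encrypt the room credential into an opaque token bound to one session.
// AES-256-GCM with the session id as associated data: a token copied out of
// a log or URL fails authentication when presented under any other session.
function issueFileToken(key, sessionId, roomId, accessCode, ttlSec, nowSec) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(sessionId, 'utf8'));
  const payload = JSON.stringify({ roomId, accessCode, exp: nowSec + ttlSec });
  const ct = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Decrypt and validate; returns the payload, or null on any failure.
function openFileToken(key, sessionId, token, nowSec) {
  try {
    const raw = Buffer.from(String(token), 'base64url');
    if (raw.length < 29) return null; // 12-byte IV + 16-byte tag + data
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(sessionId, 'utf8'));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const payload = JSON.parse(pt.toString('utf8'));
    return payload.exp > nowSec ? payload : null;
  } catch (err) {
    return null; // tampered token, wrong session, or malformed input
  }
}

// File-access check: the token must open under this session, name this room,
// and carry the access code the room still uses.
function mayDownload(key, sessionId, token, room, nowSec) {
  const p = openFileToken(key, sessionId, token, nowSec);
  if (!p || p.roomId !== room.id) return false;
  const a = Buffer.from(String(p.accessCode));
  const b = Buffer.from(String(room.accessCode));
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Constructed sample values.
const KEY = nodeCrypto.randomBytes(32);
const ROOM = { id: 'room-1', accessCode: 'constructed-code' };
const TOKEN = issueFileToken(KEY, 'session-A', ROOM.id, ROOM.accessCode, 300, 1000);
```

The token still appears in the request URL, so the short expiry and the session binding are what limit its value if a log line or Referer header captures it.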