
Content Type Enforcement on Upload #21465

@dullkingsman

Is your feature request related to a problem? Please describe.
I use presigned URLs because having an object store deployment and having file uploads pass through my backend is a bit silly. I assumed that the presigned URLs were safe and checked for all the specifications listed when creating them. So, imagine my surprise when a security audit showed that an XSS attack was trivial and could easily be achieved by uploading an SVG file. An action I explicitly disallow when creating a presigned URL for uploading images.

Describe the solution you'd like
I suggest two alternative solutions for this:

  1. Perform a content type detection using the file contents on file upload and reject if it clashes with policy claims.
  2. Provide a middleware plug-in through which a custom validator can be specified.

Describe alternatives you've considered
I have considered using events to perform post-upload checks. But that's not going to work in an environment where security is important and content created by customers can reach admins.

Additional context
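
The first proposal above (detect the content type from the uploaded bytes and reject on a clash with the policy) can be sketched as follows. This is an added example, not part of the original issue and not MinIO code; `checkUpload`, `ErrContentTypeMismatch` and the `allowed` map are hypothetical names, and the sample payloads are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"mime"
	"net/http"
)

// ErrContentTypeMismatch is returned when the sniffed bytes disagree with the policy.
var ErrContentTypeMismatch = errors.New("sniffed content type not allowed by upload policy")

// checkUpload sniffs the head of an upload and accepts it only if the declared
// Content-Type and the sniffed type are both in the allow-list and agree.
// allowed is a hypothetical policy field, e.g. {"image/png": true}.
func checkUpload(declared string, head []byte, allowed map[string]bool) (string, error) {
	if len(head) > 512 {
		head = head[:512] // http.DetectContentType considers at most 512 bytes
	}
	// Strip parameters such as "; charset=utf-8" before comparing.
	sniffed, _, err := mime.ParseMediaType(http.DetectContentType(head))
	if err != nil {
		return "", err
	}
	decl, _, err := mime.ParseMediaType(declared)
	if err != nil {
		return sniffed, fmt.Errorf("bad declared type %q: %w", declared, err)
	}
	if !allowed[decl] || !allowed[sniffed] || decl != sniffed {
		return sniffed, fmt.Errorf("%w: declared %q, sniffed %q", ErrContentTypeMismatch, decl, sniffed)
	}
	return sniffed, nil
}

func main() {
	allowed := map[string]bool{"image/png": true, "image/jpeg": true}
	// Constructed sample inputs: a PNG signature and a small SVG document.
	png := []byte("\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR")
	svg := []byte(`<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"><script></script></svg>`)
	for _, c := range []struct{ name, declared string; body []byte }{
		{"real png", "image/png", png},
		{"svg labelled as png", "image/png", svg},
		{"svg labelled as svg", "image/svg+xml", svg},
	} {
		sniffed, err := checkUpload(c.declared, c.body, allowed)
		fmt.Printf("%-20s sniffed=%-12s err=%v\n", c.name, sniffed, err)
	}
}
```

Signature sniffing only inspects the leading bytes, so it confirms that an upload starts like an allowed format, not that the whole file is a well-formed image.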
