js · nocodb
Heads-up
NocoDB: Signed attachment handler bypass due to key-case mismatch
What changed
A key-case mismatch in the signed attachment handler caused the `Content-Disposition: attachment` header to be dropped from responses, so uploaded `.html` and `.svg` files served through that handler rendered inline in the browser instead of being downloaded. The fix corrects the key case and, for every MIME type not on the inline allowlist, forces both `Content-Disposition: attachment` and `Content-Type: application/octet-stream`.
Who it affects
NocoDB instances running with `NC_SECURE_ATTACHMENTS=true`. Triggering the issue requires an authenticated user with upload permission.
What to do today
Update NocoDB to a release that includes the fix. Disabling `NC_SECURE_ATTACHMENTS` (if you do not need it) only avoids the affected handler and also gives up the signed-URL control it provides, so treat that as a stopgap rather than a fix. After updating, verify: upload a small `.html` file, request its signed attachment URL with `curl -sI`, and confirm the response carries `Content-Disposition: attachment` and `Content-Type: application/octet-stream`.
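The following is an added illustration of the bug class described under "What changed" and of the header check suggested above; it is not NocoDB's code. It assumes a handler that stages response headers in a plain object and later filters them by name under a different casing (the allowlist, the `INLINE_OK` set, and the sample responses are constructed for the example).

```javascript
// Assumed allowlist of MIME types that may render inline. NocoDB's real list
// is not reproduced here; anything outside it is treated as a download.
const INLINE_OK = new Set(["image/png", "image/jpeg", "image/gif", "image/webp", "application/pdf"]);

// Buggy shape: the attachment header is written under one casing and read back
// under another. Plain object keys are case-sensitive, so the lookup misses and
// the header is silently dropped for text/html and image/svg+xml.
function buggyHeaders(mimeType) {
  const staged = { "Content-Type": mimeType };
  if (!INLINE_OK.has(mimeType)) {
    staged["content-disposition"] = "attachment"; // lowercase key
  }
  const out = {};
  for (const name of ["Content-Type", "Content-Disposition"]) { // capitalised lookup
    if (staged[name] !== undefined) out[name] = staged[name];
  }
  return out; // no Content-Disposition for non-allowlisted types
}

// Fixed shape: HTTP header names are case-insensitive, so normalise every key
// to lowercase before storing, and for non-allowlisted types force both
// Content-Disposition: attachment and Content-Type: application/octet-stream
// so the browser neither renders the body as markup nor sniffs a type for it.
function fixedHeaders(mimeType) {
  const h = new Map();
  const set = (name, value) => h.set(name.toLowerCase(), value);
  if (INLINE_OK.has(mimeType)) {
    set("Content-Type", mimeType);
  } else {
    set("Content-Type", "application/octet-stream");
    set("Content-Disposition", "attachment");
  }
  set("X-Content-Type-Options", "nosniff");
  return Object.fromEntries(h);
}

// Operator check: parse a raw header block (as printed by `curl -sI`) and
// decide whether the response could render inline in the browser.
function parseHeaderBlock(text) {
  const headers = {};
  for (const line of text.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i <= 0 || line.startsWith("HTTP/")) continue; // skip status line and blanks
    headers[line.slice(0, i).trim()] = line.slice(i + 1).trim();
  }
  return headers;
}

function couldRenderInline(rawHeaders) {
  const h = new Map();
  for (const [k, v] of Object.entries(rawHeaders)) {
    h.set(k.toLowerCase(), String(v).trim().toLowerCase());
  }
  const disposition = h.get("content-disposition") || "";
  const type = h.get("content-type") || "";
  if (disposition.startsWith("attachment")) return false; // download only
  // Inline delivery is a problem when the body is markup the browser will
  // execute, or when no type is given and the browser is free to sniff one.
  return type === "" ||
    type.startsWith("text/html") ||
    type.startsWith("application/xhtml+xml") ||
    type.startsWith("image/svg+xml");
}

// Constructed sample responses for an uploaded .html file, before and after the fix.
const SAMPLE_VULNERABLE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html; charset=utf-8",
  "Content-Length: 120",
].join("\r\n");

const SAMPLE_FIXED = [
  "HTTP/1.1 200 OK",
  "Content-Type: application/octet-stream",
  "Content-Disposition: attachment",
  "X-Content-Type-Options: nosniff",
].join("\r\n");

module.exports = { buggyHeaders, fixedHeaders, parseHeaderBlock, couldRenderInline, SAMPLE_VULNERABLE, SAMPLE_FIXED };
```

To use the check against a live instance, paste the output of `curl -sI <signed attachment URL>` into `parseHeaderBlock` and pass the result to `couldRenderInline`; a `true` result means the handler is still serving the file in a form the browser will render.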
Source
GitHub Advisory · nocodb