feat: storage template file move hardening (#5917)

* fix: pgvecto.rs extension breaks typeorm schema:drop command

* fix: parse postgres bigints to javascript number types when selecting data

* feat: verify file size is the same as original asset after copying file for storage template job

* feat: allow disabling of storage template job, defaults to disabled for new instances

* fix: don't allow setting concurrency for storage template migration, can cause race conditions above 1

* feat: add checksum verification when file is copied for storage template job

* fix: extract metadata for assets that aren't visible on timeline

server/src/infra/entities/system-config.entity.ts

@@ -84,6 +84,8 @@ export enum SystemConfigKey {
 
   PASSWORD_LOGIN_ENABLED = 'passwordLogin.enabled',
 
+  STORAGE_TEMPLATE_ENABLED = 'storageTemplate.enabled',
+  STORAGE_TEMPLATE_HASH_VERIFICATION_ENABLED = 'storageTemplate.hashVerificationEnabled',
   STORAGE_TEMPLATE = 'storageTemplate.template',
 
   THUMBNAIL_WEBP_SIZE = 'thumbnail.webpSize',
@@ -171,7 +173,7 @@ export interface SystemConfig {
     accel: TranscodeHWAccel;
     tonemap: ToneMapping;
   };
-  job: Record<QueueName, { concurrency: number }>;
+  job: Record<Exclude<QueueName, QueueName.STORAGE_TEMPLATE_MIGRATION>, { concurrency: number }>;
   logging: {
     enabled: boolean;
     level: LogLevel;
@@ -216,6 +218,8 @@ export interface SystemConfig {
     enabled: boolean;
   };
   storageTemplate: {
+    enabled: boolean;
+    hashVerificationEnabled: boolean;
     template: string;
   };
   thumbnail: {