
Feature idea: configurable media serving domain

Open simonw opened this issue 4 years ago • 0 comments

Serving raw data out of the database could inadvertently lead to XSS attacks, if a site allows users to insert content that is later served up raw by this plugin.

These could be avoided by configuring a separate "media serving" domain - e.g. if the plugin was running on datasette.io but the media serving domain was datasette-user-content.io.

Both domains would point at the same instance. The datasette-media plugin could be configured to only serve assets on datasette-user-content.io based on the incoming Host header.

simonw, Jul 27 '20 18:07
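The Host-header gate the issue proposes, as an added example that is not datasette-media's own code. `MEDIA_HOST` is the user-content hostname from the issue text, `lookup_blob` is a hypothetical stand-in for the database read, and the two hardening headers on the media origin are an addition beyond the issue's proposal.

```python
# Added example: serve raw database content only on a dedicated media origin,
# decided from the incoming Host header. Hostname is the constructed value from the issue.
MEDIA_HOST = "datasette-user-content.io"


def host_from_headers(headers):
    """Return the lowercase hostname from ASGI (name, value) byte pairs, without any port."""
    for name, value in headers:
        if name.lower() == b"host":
            return value.decode("latin-1").split(":", 1)[0].strip().lower()
    return None


def media_response(headers, blob, content_type, media_host=MEDIA_HOST):
    """Decide whether a raw-media request may be answered. Returns (status, headers, body)."""
    if host_from_headers(headers) != media_host.lower():
        # Any other Host (including the main site) gets a 404, so user-supplied bytes are
        # never rendered within the origin that carries the site's pages and cookies.
        return 404, [(b"content-type", b"text/plain")], b"Not found"
    return 200, [
        (b"content-type", content_type.encode("latin-1")),
        # Extra hardening for the media origin itself (not part of the issue's proposal):
        # stop MIME sniffing and deny script execution even for HTML or SVG documents.
        (b"x-content-type-options", b"nosniff"),
        (b"content-security-policy", b"default-src 'none'; sandbox"),
    ], blob


def lookup_blob(path):
    """Hypothetical: in the plugin this would be a SQL query for the row's bytes."""
    return b"<svg xmlns='http://www.w3.org/2000/svg'/>", "image/svg+xml"


async def app(scope, receive, send):
    """Minimal ASGI app showing where the check sits; both domains hit this same instance."""
    blob, content_type = lookup_blob(scope["path"])
    status, headers, body = media_response(scope["headers"], blob, content_type)
    await send({"type": "http.response.start", "status": status, "headers": headers})
    await send({"type": "http.response.body", "body": body})
```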