This involves a couple of primary changes:
1) to make Sails' temporary file-upload directory a configurable location
by using a common file-upload-receiving helper;
2) to create custom static routes for the file-upload locations, so they
can be outside the application's public directory; and
3) to use the file-uploading handler everywhere that receives files, so
config for the helper is applied to all file uploads consistently.
This is sufficient to allow the application directory to be deployed
read-only, with writable storage used for file uploads. The new config
property for Sails' temporary upload directory, combined with the existing
settings for user-avatar and background-image locations, is sufficient to
handle uploads; the new custom routes handle serving those files from
external locations.
The default behavior of the application should be unchanged, with files
uploaded to, and served from, the public directory if the relevant
config properties aren't set to other values.