subdomains: Extend "static" to include resources hosted on S3.

This causes avatars and emoji which are hosted by Zulip in S3 (or
compatible) servers to no longer go through camo.  Routing these
requests through camo does not add any privacy benefit (as the request
logs there go to the Zulip admins regardless), and may break emoji
imported from Slack before 1bf385e35f,
which have `application/octet-stream` as their stored Content-Type.

zerver/lib/upload.py

@@ -216,6 +216,9 @@ def resize_emoji(image_data: bytes, size: int = DEFAULT_EMOJI_SIZE) -> bytes:
 
 
 class ZulipUploadBackend:
+    def get_public_upload_root_url(self) -> str:
+        raise NotImplementedError()
+
     def upload_message_file(
         self,
         uploaded_file_name: str,
@@ -425,6 +428,14 @@ class S3UploadBackend(ZulipUploadBackend):
         key.delete()
         return True
 
+    def get_public_upload_root_url(self) -> str:
+        # boto requires a key name, so we can't just pass "" here;
+        # trim the offending character back off from the URL we get
+        # back.
+        u = urllib.parse.urlsplit(self.get_public_upload_url("a"))
+        assert u.path.endswith("/a")
+        return urllib.parse.urlunsplit((u.scheme, u.netloc, u.path[:-1], "", ""))
+
     def upload_message_file(
         self,
         uploaded_file_name: str,
@@ -749,6 +760,9 @@ def get_local_file_path_id_from_token(token: str) -> Optional[str]:
 
 
 class LocalUploadBackend(ZulipUploadBackend):
+    def get_public_upload_root_url(self) -> str:
+        return "/user_avatars/"
+
     def upload_message_file(
         self,
         uploaded_file_name: str,
@@ -930,6 +944,10 @@ else:
     upload_backend = S3UploadBackend()  # nocoverage
 
 
+def get_public_upload_root_url() -> str:
+    return upload_backend.get_public_upload_root_url()
+
+
 def delete_message_image(path_id: str) -> bool:
     return upload_backend.delete_message_image(path_id)