upload: Use tusd for resumable, larger uploads.

Currently, it handles two hook types: 'pre-create' (to verify that the
user is authenticated and the file size is within the limit) and
'pre-finish' (which creates an attachment row).

No secret is shared between Django and tusd for authentication of the
hooks endpoints, because none is necessary -- tusd forwards the
end-user's credentials, and the hook checks them like it would any
end-user request.  An end-user gaining access to the endpoint would be
able to do no more harm than via tusd or the normal file upload API.

Regardless, the previous commit has restricted access to the endpoint
at the nginx layer.

Co-authored-by: Brijmohan Siyag <brijsiyag@gmail.com>

scripts/restart-server

@@ -105,6 +105,11 @@ if has_application_server():
     # This is an optional service, so may or may not exist
     workers.extend(list_supervisor_processes(["zulip-katex"]))
 
+    # This does have some Python code, which reads from settings.py,
+    # so we need to restart it on every deploy.  A short outage during
+    # the restart is fine, as clients will transparently retry.
+    workers.append("zulip-tus")
+
 if has_process_fts_updates():
     workers.append("process-fts-updates")
 

scripts/stop-server

@@ -49,6 +49,7 @@ if has_application_server():
     services.append("zulip-django")
     services.append("zulip-tornado:*")
     services.append("zulip-workers:*")
+    services.append("zulip-tus")
     services.append("zulip-katex")
     if has_application_server(once=True):
         # These used to be included in "zulip-workers:*"; we may be