Post & Page Visibility: "Password Protected" option, add a warning for media files

[formosattic]

What

Quoting https://wordpress.com/support/post-and-page-visibility/#additional-notes:

When an image or media file is added to the content of a password protected page or post, the file can still be indexed by search engines. It can also be directly accessed by visitors without a password.

Why

This often trips users who think media files will also be protected, so may share sensitive files, and be badly surprised when noticing unusual access to those media files.

Context: 5167764-zd-woothemes

How

Add a warning message in the editor, like:

⚠️ Media files will still be accessible, see more info.

[zachspears]

I have reviewed the information, and I agree that this is a good recommendation. Users have a reasonable expectation of privacy when they set content to Password Protected. It is often not intuitive, particularly for less tech-savvy users, that the images are not "attached" to the page in some way. Providing this clarification seems prudent to ensure transparency and so I have set the priority to Normal.