GravityPDF / gravity-pdf

Gravity PDF is a GPLv2-licensed WordPress plugin that allows you to automatically generate, email and download PDF documents using Gravity Forms.
https://gravitypdf.com

Disable Signed URLs when Entry ID taken from URL Param #1509

Closed jakejackson1 closed 3 months ago

jakejackson1 commented 3 months ago

Description

Close this security loophole:

Do not use the Signed PDF URL feature with the Page Confirmation type, as an end user will be able to change the entry ID in the URL and get access to other PDFs. Signed URLs can be safely used with Text or Redirect Confirmation types. Alternatively, non-signed PDF URLs are not vulnerable, and can be safely used in Page Confirmations.

Testing instructions

  1. Set up a form + PDF
  2. Copy the PDF download shortcode and paste it on a WordPress page. Add the signed=1 attribute to the shortcode
  3. Edit the form's default confirmation and set up a Page Confirmation
  4. Choose the WordPress page you added the shortcode to
  5. Add entry={entry_id} to the Query String setting
  6. Submit the test form and verify the PDF Download Link doesn't include the standard signed URL parameters

Checklist:

Additional Comments
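The loophole in the description is easiest to see in code. The following is an added illustration written for this page, not Gravity PDF's own implementation; the helper names (`sign_pdf_url`, `verify_pdf_url`, `pdf_download_link`), the `entry_source` flag, the signing secret and the sample timestamp are all constructed. It models a signed PDF URL as an HMAC over the entry id and expiry. With a Text or Redirect confirmation the entry id is the one the server just created for this submission, so signing it is safe. With a Page confirmation that passes `entry={entry_id}` in the query string, the id is read back from the request, so a server that signs it would mint a valid link for whatever entry id the visitor typed. The guard below applies the fix this PR describes: when the entry id came from a URL parameter, the `signed=1` request is ignored and a plain link is emitted, which still goes through the normal per-entry permission check at download time.

```php
<?php
// Added example for this page; not Gravity PDF code. All names and values are constructed.

const PDF_SIGNING_SECRET = 'constructed-demo-secret-do-not-reuse';

/**
 * Build an HMAC-signed PDF URL. Anyone holding such a URL can download that
 * entry's PDF until it expires, without any other permission check.
 */
function sign_pdf_url(string $base_url, int $entry_id, int $expires): string
{
    $query = http_build_query(['entry' => $entry_id, 'expires' => $expires]);
    $signature = hash_hmac('sha256', $query, PDF_SIGNING_SECRET);
    return $base_url . '?' . $query . '&signature=' . $signature;
}

/**
 * Verify a signed PDF URL. Returns the entry id the signature authorises,
 * or null when the signature is missing, wrong, or expired.
 */
function verify_pdf_url(string $url, int $now): ?int
{
    $query = parse_url($url, PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params);
    if (!isset($params['entry'], $params['expires'], $params['signature'])) {
        return null;
    }
    $entry_id = (int) $params['entry'];
    $expires  = (int) $params['expires'];
    // Recompute over the canonical query so the check covers exactly what was signed.
    $expected = hash_hmac(
        'sha256',
        http_build_query(['entry' => $entry_id, 'expires' => $expires]),
        PDF_SIGNING_SECRET
    );
    if (!hash_equals($expected, (string) $params['signature'])) {
        return null;
    }
    if ($expires < $now) {
        return null;
    }
    return $entry_id;
}

/**
 * Build the download link a confirmation should show.
 *
 * $entry_source (hypothetical flag) records where the entry id came from:
 *   'submission'   - the entry this request just created (Text/Redirect confirmation)
 *   'query_string' - read from ?entry=... on a Page confirmation; visitor-controlled
 *
 * Signing a visitor-supplied id would hand out a valid link for any entry, so the
 * signed option is dropped in that case and the plain link (subject to the usual
 * download-time permission check) is returned instead.
 */
function pdf_download_link(
    string $base_url,
    int $entry_id,
    string $entry_source,
    bool $signed,
    int $now
): string {
    if ($signed && $entry_source !== 'submission') {
        $signed = false; // the fix described in this PR
    }
    if ($signed) {
        return sign_pdf_url($base_url, $entry_id, $now + 3600);
    }
    return $base_url . '?' . http_build_query(['entry' => $entry_id]);
}

// Demonstration with constructed values.
$now  = 1700000000;
$base = 'https://example.test/pdf/demo-pdf-id';

// Text/Redirect confirmation: server-known entry id, signed link is fine.
$safe = pdf_download_link($base, 42, 'submission', true, $now);
echo $safe, PHP_EOL;
echo 'verifies as entry: ', var_export(verify_pdf_url($safe, $now), true), PHP_EOL;

// Page confirmation: entry id came from ?entry=..., so no signature is minted.
$page = pdf_download_link($base, 42, 'query_string', true, $now);
echo $page, PHP_EOL;
echo 'contains signature: ', var_export(str_contains($page, 'signature='), true), PHP_EOL;

// A link with a different entry id edited in does not verify, because the HMAC
// no longer matches the canonical query.
$edited = str_replace('entry=42', 'entry=43', $safe);
echo 'edited link verifies as: ', var_export(verify_pdf_url($edited, $now), true), PHP_EOL;
```

The last check shows why signing is safe in itself: editing the entry id in an already-signed URL breaks the signature. The risk the PR closes is different: the server signing an id it did not choose. Step 6 of the testing instructions corresponds to the second call above, where the emitted link must not carry the signed URL parameters.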

codecov[bot] commented 3 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 76.97%. Comparing base (9173274) to head (8ae3007).

Additional details and impacted files

```diff
@@              Coverage Diff               @@
##           development    #1509   +/-   ##
============================================
  Coverage       76.97%   76.97%
============================================
  Files             244      244
  Lines           12739    12740    +1
  Branches          370      370
============================================
+ Hits             9806     9807    +1
  Misses           2925     2925
  Partials            8        8
```
