Hide exposed .user.js file from Internet (and/or allow nginx configuration changes for admin only)

[LowMem]

Bug description

Please allow .user.js file to be hidden from internet when installing Wordfence module (recommended in Hardening Wordpress.

This is due to nginx webserver use. I could get rid of security warning following manual configuration, but I believe it will appear again on update.

Context

• Hardware: Olinuxino
• YunoHost version:

  yunohost: 
  repo: stable
  version: 11.1.15
  yunohost-admin: 
  repo: stable
  version: 11.1.8
  moulinette: 
  repo: stable
  version: 11.1.4
  ssowat: 
  repo: stable
  version: 11.1.4

• I have access to my server: Through SSH and through the webadmin and direct access via keyboard / screen.
• Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no.
  I only installed Wordpress and Wordfence module.
• Using, or trying to install package version/branch: Wordpress - 6.2~ynh1

Steps to reproduce

```sh
sudo yunohost app install wordpress
```

• Then, login into wordpress and install wordfence plugin. Public file is detected at first scan.

Expected behavior

What would be really great, would be to be able to add some nginx config block in Wordpress configuration in admin panel. This would allow to hide such file and also any other file exposed by any other wordpress module.

Logs

Nothing has failed. Wordpress needs manual nginx configuration changes when using Wordfence (a well known Wordpress module).

[LowMem]

I forgot to mention that manual change to nginx configuration file is (only) to add such block to /etc/nginx/conf.d/<wordpress_ynh_URL_used>.d/wordpress.conf file:

location ~ ^/\.user\.ini {
deny all;
}