Open ywwg opened 7 years ago
Usually in production environments I have files go directly from the client to S3. You have the server generate presigned posts which go directly to a bucket you control on S3, and then you do any processing required on those files in a queue worker. You can easily make the files on S3 private and require requests to view them to be signed.
Heroku has a guide on setting this up and I have done it for a few projects. If there is an AWS/S3 account we can use I am happy to set this up.
Right now the URLs are public; they really shouldn't be.
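The presigned-POST flow described in this thread, as an added example that is not code from the thread or the project: the server builds a short-lived, size-limited upload policy for one private object key and signs it with AWS Signature Version 4, so the browser can upload to S3 without ever holding credentials. It uses only the standard library to show what is being signed; the bucket, region, key and credentials are constructed placeholders, and `presign_post` is a hypothetical helper name.

```python
import base64, datetime, hashlib, hmac, json

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_post(access_key, secret_key, region, bucket, key, now,
                 max_bytes=5 * 1024 * 1024, ttl=300):
    """Return (url, form_fields) for a direct browser-to-S3 upload."""
    date = now.strftime("%Y%m%d")
    expires = now + datetime.timedelta(seconds=ttl)
    fields = {
        "key": key,                      # chosen by the server, not the client
        "acl": "private",                # object is not publicly readable
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": f"{access_key}/{date}/{region}/s3/aws4_request",
        "x-amz-date": now.strftime("%Y%m%dT%H%M%SZ"),
    }
    # Every submitted form field must match a condition in the signed policy,
    # so the client cannot change the key, the ACL or the size limit.
    conditions = [{"bucket": bucket}] + [{k: v} for k, v in fields.items()]
    conditions.append(["content-length-range", 1, max_bytes])
    policy_doc = {"expiration": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
                  "conditions": conditions}
    policy = base64.b64encode(json.dumps(policy_doc).encode()).decode()
    # SigV4 signing key: chained HMACs over date, region, service, terminator.
    signing_key = ("AWS4" + secret_key).encode()
    for part in (date, region, "s3", "aws4_request"):
        signing_key = _hmac(signing_key, part)
    fields["policy"] = policy
    fields["x-amz-signature"] = hmac.new(
        signing_key, policy.encode(), hashlib.sha256).hexdigest()
    return f"https://{bucket}.s3.{region}.amazonaws.com/", fields

if __name__ == "__main__":
    # Constructed sample values; real credentials come from the server's config.
    url, form = presign_post("EXAMPLEKEYID", "example-secret", "us-east-1",
                             "example-uploads", "incoming/3f2a9c.bin",
                             datetime.datetime(2024, 1, 1, 0, 0, 0))
    print(url)
    print(json.dumps(form, indent=2))
```

The server returns `url` and the form fields to the client, which submits them as a multipart form with the file as the last field. Reading the object back then requires a separately signed GET, which this example does not cover.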