Commit c4579277 introduced an extra administrative security feature to
restrict files access to signed in users only, even  if a user has a valid
& signed download URL. The feature, however, did not take into account
public images & files associated with FAQs and pages such as
landing/thank-you pages.

This commit addresses the shortcoming by adding a reference ID (attachment ID)
to the download/access URL, that can be used to deduce the model/object type
that the file request is associated with. The technique will allow us in the
future to enforce ACL at the file level depending on privacy settings and
the security clearance of the user (agent).