download manager improvements

[bretth18]

Description

This PR significantly improves how incomplete downloads are handled and finalized in the DownloadManager. It introduces a dedicated incomplete download directory, ensures files are safely resumed and finalized, and prevents accidental overwrites of completed downloads. The changes also enhance security and correctness in file handling.

Incomplete Download Handling and File Finalization:

• Added a new incompleteDownloadDirectory property to the DownloadSettingsProviding protocol and implemented logic in DownloadManager to use a dedicated directory for incomplete downloads, improving separation and management of partial files. [1] [2]
• Introduced computeIncompletePath and related helpers to generate unique, safe paths for incomplete files, including SHA256-based disambiguation and safe filename truncation.
• Implemented finalizeCompletedDownload to move files from the incomplete directory to their final destination, ensuring that existing files are never overwritten by appending a suffix if necessary.
• Updated all download and file transfer logic to use the new incomplete directory for partial files, and to finalize downloads only after successful completion and verification. [1] [2] [3] [4]

Correctness and Robustness Improvements:

• Improved file size handling and verification, including better handling of unknown file sizes and stricter checks for incomplete transfers. [1] [2] [3] [4]
• Enhanced security by ensuring all file operations (including those for incomplete files) are checked against the correct base directory to prevent symlink attacks.

Protocol and Import Updates:

• Updated the protocol and imports to support the new incomplete download directory and file hashing. [1] [2]

File Transfer Token Handling:

• Improved logic to always verify the file transfer token before matching a pending transfer, even if only one is pending, to avoid mismatches from stale connections.

These changes together make the download process safer, more reliable, and more user-friendly, especially in cases of interrupted or repeated downloads.

How to test

• Ensure all checks pass

Author checklist

This PR:

• Satisfies a goal that is specific & clearly motivated
• Adds value in isolation (whether user-facing or sustainability-related)
• Contains a concise & easy-to-understand title + description
• Adheres to SRP by default
• Presents the best possible implementation to meet its goal, given constraints at hand