The endpoint is disabled by default, no matter what protection modes
are enabled. If all are disabled, then the endpoint is not
protected (if enabled by an admin). Conversely, if all protection
modes are enabled, they all must succeed.
All protection modes should be off by default, so the user would
choose one. It is confusing, if a user enables one and doesn't realize
that another one is also enabled by default.
Applications running next to docspell may want a way to upload files
to any collective for integration purposes. This endpoint can be used
for this. It is disabled by default and can be enabled via the
configuration file.
The restriction that only pdf files can be uploaded is removed. All
files can now be uploaded. The processing may not process all. It is
still possible to restrict file uploads by types via a configuration.