Allow management operations like deleting files
This introduces the X-Token header field in the response of newly
uploaded files as a simple way for users to manage their own files.

It does not need to be particularly secure.
rm: cannot remove '{{ request.path.split("/")[1] }}': Permission denied