♻️(backend) stop returning a 415 on cors-proxy endpoint

When the content-type return by the targeted url is not an image, the
endpoint was returning a 415 status code. We don't want to provide this
info anymore avoid disclosing information an attacker can use.

src/backend/core/api/viewsets.py

@@ -1810,7 +1810,8 @@ class DocumentViewSet(
 
             if not content_type.startswith("image/"):
                 return drf.response.Response(
-                    status=status.HTTP_415_UNSUPPORTED_MEDIA_TYPE
+                    {"detail": "Invalid URL used."},
+                    status=status.HTTP_400_BAD_REQUEST
                 )
 
             # Use StreamingHttpResponse with the response's iter_content to properly stream the data

src/backend/core/tests/documents/test_api_documents_cors_proxy.py

@@ -186,7 +186,8 @@ def test_api_docs_cors_proxy_unsupported_media_type(mock_getaddrinfo):
     response = client.get(
         f"/api/v1.0/documents/{document.id!s}/cors-proxy/?url={url_to_fetch}"
     )
-    assert response.status_code == 415
+    assert response.status_code == 400
+    assert response.json() == {"detail": "Invalid URL used."}
 
 
 @pytest.mark.parametrize(