Expand file upload request guide

[samdark]

Summary

• expand the file upload section with upload error handling, size validation, MIME detection, safe generated filenames, and non-public storage guidance
• add a complete Yii3 action example using PSR-7 uploaded files, aliases, and a PSR-17 response factory

Verification

• Created a fresh template app with composer create-project yiisoft/app /tmp/yii-docs-upload-app --no-interaction
• Added the example action to the template app and ran php -l src/Web/Profile/UploadAvatarAction.php
• Ran vendor/bin/psalm --no-cache --output-format=console src/Web/Profile/UploadAvatarAction.php
• Ran vendor/bin/phpstan analyse src/Web/Profile/UploadAvatarAction.php --level=max --no-progress
• Invoked the action with an actual UploadedFile; verified success returns 201 and a missing upload returns 400
• Ran npm run build
• Ran npx markdown-link-check src/guide/runtime/request.md

Full npm run check-links still fails on existing unrelated links in translated/webserver/internal pages.

[Copilot]

Pull request overview

Expands the file upload section of the request runtime guide with a complete, security-conscious example action that validates upload errors, file size, and detected MIME type, stores files outside the public directory using @runtime, generates server-side file names, and adds practical notes on PSR-7 upload pitfalls.

Changes:

• Adds prose explaining the need to check upload errors before reading/moving a file.
• Adds a full UploadAvatarAction example using PSR-7 UploadedFileInterface, Yiisoft\Aliases\Aliases, and a PSR-17 response factory.
• Adds a notes list covering non-public storage, untrusted client metadata, PHP ini limits, and multi-file uploads.