## ADDED Requirements

### Requirement: File MIME Type Validation
The system SHALL validate file content type using magic bytes detection.

#### Scenario: Valid file with matching extension
- **WHEN** a user uploads a file
- **AND** the detected MIME type matches the file extension
- **THEN** the upload SHALL be accepted

#### Scenario: Spoofed file extension rejected
- **WHEN** a user uploads a file with extension `.jpg`
- **AND** the actual content is detected as `application/x-executable`
- **THEN** the upload SHALL be rejected with error "File type mismatch"

#### Scenario: Unsupported MIME type rejected
- **WHEN** a user uploads a file with an unsupported MIME type
- **THEN** the upload SHALL be rejected with error "Unsupported file type"

#### Scenario: MIME validation bypass for trusted sources
- **WHEN** a file is uploaded from a trusted internal source
- **AND** the system is configured to allow bypass
- **THEN** MIME validation MAY be skipped