better attachment handling, more options

Currently there very few options to configure how attachments are handled. You can only:

• allow or disallow attachments to be added
• allow or disallow attachments to be viewed

What's missing is an option to:

• limit the amount of revisions stored (e.g. only the last 100 versions of an attachment are stored)
• disable versions for attachments at all (only the last revision of a document is stored and displayed)

Background:
It's possible to add/update attachments via Webdav and automated scripts (e.g. cronjobs). This may result in a lot of revisions for the same files (couple of hundreds or even thousands depending on the update frequency). As there is currently no way to purge older versions automatically this will result in a serious performance issue for the Confluence server. We had ~12 attachments on a page that got updated automatically every 30 min. After reaching around 1.500 revisions (roughly 3 months of updates) the page holding those attachments was practically unreachable. The only way to revive the page was by manually deleting all attachments (and therefore all revisions) and re-creating the last revision. This took about 1h for those files and quite some Java exceptions due to timeouts.

If one forgets to purge the files once in a while it might be possible that the page holding those attachments is getting completely unreachable. This would require manual work in the database and the attachment folder to clean up the mess.

If you have the option to add attachments enabled for external users or even anonymous users you have opened the doors for a serious dos attack as it is pretty easy to just spam the page with attachments until it's more or less down. If you have enable Webdav for those users then trouble is to be expected.