In `cmd/drill/main.go`, when `cfg.Storage.Backend == "local"`, a new `storageMux` wraps the handler but serves `/storage/` files directly via `http.FileServer` without passing through SecurityHeaders, CSRF, or OTel.
Local-dev only. Production uses GCS signed URLs.
In `cmd/drill/main.go`, when `cfg.Storage.Backend == "local"`, a new `storageMux` wraps the handler but serves `/storage/` files directly via `http.FileServer` without passing through SecurityHeaders, CSRF, or OTel.
Local-dev only. Production uses GCS signed URLs.